Received: from pacific-carrier-annex.mit.edu (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.7.21.83]) by krbdev.mit.edu (8.9.3) with ESMTP id NAA07410; Tue, 12 Nov 2002 13:24:53 -0500 (EST)
Received: from konishi-polis.mit.edu (KONISHI-POLIS.MIT.EDU [18.18.3.10]) by pacific-carrier-annex.mit.edu (8.9.2/8.9.2) with ESMTP id NAA14487 for <krb5-bugs@MIT.EDU>; Tue, 12 Nov 2002 13:24:53 -0500 (EST)
Received: by konishi-polis.mit.edu (Postfix, from userid 8042) id 2BC8915211F; Tue, 12 Nov 2002 13:24:50 -0500 (EST)
To: Ken Hornstein <kenh@cmf.nrl.navy.mil>
Cc: krb5-bugs@mit.edu
Subject: Re: SAM uses RC4 insecurely
References: <200211120447.gAC4lfUs019903@ginger.cmf.nrl.navy.mil>
From: Sam Hartman <hartmans@MIT.EDU>
Date: Tue, 12 Nov 2002 13:24:50 -0500
In-Reply-To: <200211120447.gAC4lfUs019903@ginger.cmf.nrl.navy.mil> (Ken Hornstein's message of "Mon, 11 Nov 2002 23:47:40 -0500")
Message-Id: <tsln0oefxxp.fsf@konishi-polis.mit.edu>
Lines: 15
User-Agent: Gnus/5.090006 (Oort Gnus v0.06) Emacs/21.2 (i386-debian-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-RT-Original-Encoding: us-ascii
Content-Length: 629

Well, there is a derive-key for rc4, but it only takes keyusage as
input, not a string.


Defining dk interms of dr would work for rc4 if you had a reasonable
definition of dr, but you currently do not.

This is an issue both against the code and against your draft.  The
issue against your draft is best solved by including dr in the crypto
profile; the issue against the code is more complex as it requires us
to actually define dr for rc4.  One simple but kind of sucky
definition of dr might be md4.  A better definition would involve the
data-dependent key setup from the rest of the rc4 draft with the
confounder removed.