[krbdev.mit.edu #1253] Re: SAM uses RC4 insecurely

Sam Hartman via RT rt-comment at krbdev.mit.edu
Tue Nov 12 13:24:58 EST 2002


Well, there is a derive-key for rc4, but it only takes keyusage as
input, not a string.


Defining dk in terms of dr would work for rc4 if you had a reasonable
definition of dr, but you currently do not.

This is an issue both against the code and against your draft.  The
issue against your draft is best solved by including dr in the crypto
profile; the issue against the code is more complex as it requires us
to actually define dr for rc4.  One simple but kind of sucky
definition of dr might be md4.  A better definition would involve the
data-dependent key setup from the rest of the rc4 draft with the
confounder removed.
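For readers unfamiliar with the distinction being drawn above, the following is an added illustration, not code from this message, from MIT krb5 or from the draft under discussion. It shows the shape of the usage-keyed RC4-HMAC derivation as specified in RFC 4757, where the per-message key is HMAC-MD5 of a 4-byte little-endian key usage number under the base key: the function takes a key and an integer usage, not an arbitrary string constant, which is the interface mismatch the message describes when it says the existing derive-key for rc4 "only takes keyusage as input". The base key and usage numbers in the sample are constructed values.

```python
import hmac
import hashlib
import struct


def rc4_hmac_derive(base_key: bytes, usage: int) -> bytes:
    """RFC 4757-style derivation for RC4-HMAC (arcfour-hmac-md5).

    K_usage = HMAC-MD5(base_key, little-endian 32-bit usage).
    Note the signature: the derivation is parameterised by an integer
    usage only. There is no slot for a string constant, so it cannot
    play the role of an RFC 3961 DR(key, constant) function as-is.
    """
    if len(base_key) != 16:
        raise ValueError("RC4-HMAC base key must be 16 bytes")
    if not 0 <= usage < 2**32:
        raise ValueError("key usage must fit in 32 bits")
    t = struct.pack("<I", usage)
    return hmac.new(base_key, t, hashlib.md5).digest()


def rc4_hmac_message_key(base_key: bytes, usage: int, checksum: bytes) -> bytes:
    """Second step of the RFC 4757 scheme: the actual RC4 stream key for one
    message is HMAC-MD5 of the message checksum under the usage-derived key,
    so it is data-dependent (this is the "data-dependent key setup" the
    message refers to)."""
    k_usage = rc4_hmac_derive(base_key, usage)
    return hmac.new(k_usage, checksum, hashlib.md5).digest()


def derived_keys_differ_by_usage(base_key: bytes, usage_a: int, usage_b: int) -> bool:
    """Helper used below: confirms that distinct usages yield distinct keys."""
    return rc4_hmac_derive(base_key, usage_a) != rc4_hmac_derive(base_key, usage_b)


if __name__ == "__main__":
    # Constructed sample values; not real Kerberos keys or test vectors.
    sample_key = bytes(range(16))
    sample_checksum = b"\x00" * 16
    for usage in (1, 2, 7):
        print(usage, rc4_hmac_derive(sample_key, usage).hex())
    print("message key:", rc4_hmac_message_key(sample_key, 7, sample_checksum).hex())
```

The point to take from the code is structural rather than numeric: because the only non-key input is the usage integer, a string-keyed DR for RC4 would have to be a separate definition, which is exactly what the message says the draft and the code are missing.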



