RC4 weakness ?

Tim Alsop Tim.Alsop at CyberSafe.Com
Wed Nov 1 11:27:29 EST 2006


Hi,
 
I have heard recently that with RC4 there appears to be a generic
weakness with the standard implementation of the algorithm.  Research by
Fluhrer, Mantin and Shamir demonstrated that all RC4 keys are vulnerable
to brute-forcing attacks as the first few bytes of output keystream are
non-random.  Thus information about the key can be deduced by an
attacker so reducing the computational effort required to de-crypt the
message.
 
The recommended crypto-system defence against this attack is to discard
the initial portion of the keystream (e.g.  the first 1024 bytes) before
using it.  This removes the predictable part of the key making it harder
to brute force the encryption key.
 
Can somebody let me know how the Kerberos standard use of RC4 addresses
this issue ?
 
Thanks
Tim
 



More information about the Kerberos mailing list