[krbdev.mit.edu #1252] Re: SAM uses RC4 insecurely
kenh@cmf.nrl.navy.mil via RT
rt-comment at krbdev.mit.edu
Mon Nov 11 23:47:48 EST 2002
>Hi. The definition of dr in src/lib/crypto/combine_keys.c mishandles
>the rc4 enctype. In particular, it will encrypt the constant using
>rc4 directly in the long-term key. No cipher state is used for rc4,
>so the rc4 PRNG is always positioned at the same point in the cipher
>stream.
>[...]
I think maybe I'm just jet-lagged, or perhaps I'm missing something
about RC4 (I know it's a stream cipher, but not the details). But
can you elaborate on this statement?
>effectively for rc4 dr(k, c) is c^rc4(k).
Hm, I guess that after reading Brezak's draft, I see that there doesn't
seem to be a Derive-Key() for RC4 (not as I understand it).
--Ken
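
[Added illustration, not part of the original message or of the krb5 source.] The quoted claim that dr(k, c) is effectively c^rc4(k) can be modeled as below: with no cipher state carried over, every call restarts the keystream at offset 0, so one (constant, output) pair determines the output for any other constant of the same length. The function names, key and constants are assumptions constructed for this sketch.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n bytes of the RC4 keystream for `key` (standard KSA + PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                        # output generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def dr_rc4_stateless(key: bytes, constant: bytes) -> bytes:
    """Model of the reported behaviour: a fresh RC4 instance keyed directly
    with the long-term key encrypts the constant, so dr(k, c) = c ^ rc4(k)."""
    return xor(constant, rc4_keystream(key, len(constant)))


def predict_without_key(c1: bytes, d1: bytes, c2: bytes) -> bytes:
    """Compute dr(k, c2) from a known pair (c1, d1 = dr(k, c1)) alone.
    c1 ^ d1 is the keystream prefix, which is the same for every call."""
    return xor(c2, xor(c1, d1))


# Constructed sample values (hypothetical, not taken from krb5).
LONG_TERM_KEY = b"constructed-long-term-key"
CONST_A = b"combine-A"
CONST_B = b"combine-B"

if __name__ == "__main__":
    d_a = dr_rc4_stateless(LONG_TERM_KEY, CONST_A)
    d_b = dr_rc4_stateless(LONG_TERM_KEY, CONST_B)
    # The two outputs differ exactly where the public constants differ.
    print("d_a ^ d_b == c_a ^ c_b:", xor(d_a, d_b) == xor(CONST_A, CONST_B))
    # The second output follows from the first without knowing the key.
    print("predicted:", predict_without_key(CONST_A, d_a, CONST_B) == d_b)
```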