Penetration Testing mailing list archives
Re: [PEN-TEST] RC4
From: Alan Olsen <alan () CLUESERVER ORG>
Date: Tue, 28 Nov 2000 22:05:51 -0800
On Tue, 28 Nov 2000, Jay Mobley wrote:
So , I am not pen-testing anything, but rather looking at some of my own venurabilities... and in doing so I learn that my Win2k Terminal server sends data to and from its client in a data stream encrypted with RC4. And in researching what I could about RC4 , I have seen time and time again that RC4 source was posted to a public usenet forum..... So my question is this... If one has the source code to an encryption standard... how secure is that standard???
Believe it or not, much more than the security of one without the source revealed. RC4 has been examined by cryptographers the world over. It has been pounded on and found that it can withstand the abuse. An algorythm that has not been revealed to the public is less secure because it can hold design flaws that are not obvious to the designer. (Many algorythms have been shot down by rival cryptographers, sometimes in the middle of presenting the algorithm publically for the first time. SSL v1.0 is one such case.) Interestingly enough, RSA Inc tried to keep RC4 and RC2 as "trade secrets", only letting you examine them after signing lots of NDAs. The source was revealed when someone posted it through a remailer to the Cypherpunks list and sci.crypt. (They reverse engenered it, probably from the BSAFE kit.) Sometimes you will see code refered to as "ARC4". This is RC4 from the publically released code, but under a different name due to Trademark issues. (RC4 is a trademark of RSA Inc.) Since then, RC4 has recieved much more examination and found to be strong AS LONG AS IT IS IMPLEMENTED CORRECTLY. Here is where people get caught though... They think because they are using algorythm X, that they are safe. Not always true. If the key exchange leaks information (or the key), then it can be intercepted. If you can fake being the site in the middle (due to improper authentication), then data can be intercepted. If you can reuse captured authentication information later, you may be able to get in. If the key does not cover the entire key space, then it may be easier to brute force. (This is more common than you would believe.) There are a whole host of problems that are not related to the transport encryption. ALL of them have tobe good or the whole process falls apart. In the case of Microsoft protocols, take a look at the white papers on PPTP v1.0 and v2.0 on http://www.counterpane.com/. That is one example. Since Microsoft has kept the RDP protocol under wraps, it is difficult to know just how secure it is without reverse engeneering it. (Followed by the fight to the death in a pit filled with hungey lawyers.) alan () ctrl-alt-del com | Note to AOL users: for a quick shortcut to reply Alan Olsen | to my mail, just hit the ctrl, alt and del keys. "In the future, everything will have its 15 minutes of blame."
Current thread:
- [PEN-TEST] RC4 Jay Mobley (Nov 29)
- Re: [PEN-TEST] RC4 Erick fabrizio (Nov 29)
- Re: [PEN-TEST] RC4 Ryan Russell (Nov 29)
- Re: [PEN-TEST] RC4 Chris Deibler (Nov 29)
- Re: [PEN-TEST] RC4 Alan Olsen (Nov 29)
- Re: [PEN-TEST] RC4 Robert van der Meulen (Nov 30)
- [PEN-TEST] RC4 Raju Mathur (Nov 29)