Re: [PEN-TEST] RC4

[Alan Olsen <alan () CLUESERVER ORG>]

On Tue, 28 Nov 2000, Jay Mobley wrote:

> So , I am not pen-testing anything, but rather looking at some of my own
> venurabilities... and in doing so I learn that my Win2k Terminal server
> sends data to and from its client in a data stream encrypted with RC4. And
> in researching what I could about RC4 , I have seen time and time again that
> RC4 source was posted to a public usenet forum..... So my question is
> this... If one has the source code to an encryption standard... how secure
> is that standard???

Believe it or not, much more than the security of one without the source
revealed.

RC4 has been examined by cryptographers the world over. It has been
pounded on and found that it can withstand the abuse.  An algorythm that
has not been revealed to the public is less secure because it can hold
design flaws that are not obvious to the designer.  (Many algorythms have
been shot down by rival cryptographers, sometimes in the middle of
presenting the algorithm publically for the first time. SSL v1.0 is one
such case.)

Interestingly enough, RSA Inc tried to keep RC4 and RC2 as "trade
secrets", only letting you examine them after signing lots of NDAs.  The
source was revealed when someone posted it through a remailer to the
Cypherpunks list and sci.crypt. (They reverse engenered it, probably from
the BSAFE kit.) Sometimes you will see code refered to as "ARC4". This is
RC4 from the publically released code, but under a different name due to
Trademark issues. (RC4 is a trademark of RSA Inc.)

Since then, RC4 has recieved much more examination and found to be strong
AS LONG AS IT IS IMPLEMENTED CORRECTLY.

Here is where people get caught though...

They think because they are using algorythm X, that they are safe.  Not
always true.

If the key exchange leaks information (or the key), then it can be
intercepted.

If you can fake being the site in the middle (due to improper
authentication), then data can be intercepted.

If you can reuse captured authentication information later, you may be
able to get in.

If the key does not cover the entire key space, then it may be easier to
brute force. (This is more common than you would believe.)

There are a whole host of problems that are not related to the transport
encryption.  ALL of them have tobe good or the whole process falls apart.

In the case of Microsoft protocols, take a look at the white papers on
PPTP v1.0 and v2.0 on http://www.counterpane.com/. That is one example.

Since Microsoft has kept the RDP protocol under wraps, it is difficult to
know just how secure it is without reverse engeneering it. (Followed by
the fight to the death in a pit filled with hungey lawyers.)

alan () ctrl-alt-del com | Note to AOL users: for a quick shortcut to reply
Alan Olsen            | to my mail, just hit the ctrl, alt and del keys.
    "In the future, everything will have its 15 minutes of blame."