Full Disclosure mailing list archives

Re: RC4 and Lotus Notes

From: Derek Atkins <derek () ihtfp com>
Date: 21 Apr 2003 11:07:59 -0400

While RC4 does have some weaknesses in its key scheduling, that alone
does not make it a weak cipher.  Indeed, the WEP break was not due
solely to RC4 -- most of the problem was that WEP used RC4
incorrectly.  It is perfectly reasonable to use RC4-256 (are you SURE
it's using a 256-bit key?) in a "secure" application.  You just need
to be careful to:

        a) use real, unique IVs
        b) use different, unique, random keys in both directions
        c) discard the first N bytes of the cipher (IIRC 256-1024)
        d) never.. EVER re-use a key

WEP's problem was that it violated all four of these rules, which is
why it was broken.  The fact that WEP's IV was only 24 bits didn't
help -- 24 bits wraps around pretty quickly on a busy network.  Worse,
the IV gets re-set if the AP gets rebooted.

So, don't fear RC4 just because it's RC4..  Fear RC4 because most people
don't know how to _use_ it properly.  :)

-derek

aliver () xexil com writes:

      While developing something boring using the Lotus C API for Linux.
I noticed while using valgrind that functions like NSFNoteDecrypt()  and
NSFNoteIsSignedOrSealed() are still making use of RC4 encryption with a
256 bit key even when I use "strong" encryption settings in it's lame
windows MegaGUI. IIRC, RC4 is known to have some weaknesses in it's key
scheduling that have yielded some interesting results (WEP, Winnt, etc..).
      I'm pretty sure my libnotes.so is up to date. Am I misinformed
about the choice of crypto in Lotus Notes? Anyone know of plans to change
this? I guess it doesn't matter since nobody is masochistic enough to work
on a brute forcer for something as nasty as LN. It's what you call
"security-through-being-so-disgusting-no-one-will-play-with-you" or "the
hagfish method."

aliver


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


-- 
       Derek Atkins
       Computer and Internet Security Consultant
       derek () ihtfp com             www.ihtfp.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

RC4 and Lotus Notes aliver (Apr 21)
- Re: RC4 and Lotus Notes HAYAKAWA Hitoshi (Apr 21)
- Re: RC4 and Lotus Notes Derek Atkins (Apr 21)
- <Possible follow-ups>
- Re: RC4 and Lotus Notes aliver (Apr 21)