Penetration Testing
mailing list archives
Re: [PENTEST] RC4 (fwd)
From: "Stephen V. Arehart" <panic () TWU NET>
Date: Wed, 29 Nov 2000 09:51:48 0500
Al:
I sent this response to Jay privately. It's a bit longwinded, so
I initially didn't send it to the pentest list. However, after further
consideration, I thought that others might benefit from the response. I
totally understand it if you reject the post because of the length.
Thanks for hosting and moderating the pentest list for us!
=====================
Stephen V. Arehart
=====================
Jay:
There are a couple of issues in your question I would like to
address.
RC4 is a variablelength key stream cipher algorithm whose source
has been publicly known since circa 1994 (base on some quick internet
browsing  the more technically astute can correctly my terse description
of the algorithm). According to Bruce Schneier, publicly known,
wellscrutinized algorithms stand a much better chance of surviving an
attack versus private, "secret" algorithms. In Bruce's book "Applied
Cryptography" (which I *highly* recommend), there's an axiom proposed in
the initial chapters (I can't remember whose axiom it is) that "the
secrecy of any algorithm should depend solely on the secrecy of the key".
Having said that, there are several potential weaknesses in any
encryption implementation that have little to do with the base algorithm,
including:
1) algorithm implementation  did the software engineers correctly
implement the algorithm.
2) key management  a superduper encryption
algorithm with a massive key will do nothing for you if the key is XOR'ed
and stored in the registry, or if the plaintext of the key is sitting on a
postit note under the keyboard. All an attacker has to do is attack the
key management, not the algorithm itself.
3) utilizing the entire keyspace in _Applied Cryptography_, Bruce
mentions that certain file encryption programs that have been developed
are based on DES (which uses 56 bits of an initial 64 bit key (8 bits are
used for parity), but actually reduce the total effective keyspace by
changing all letters to uppercase and truncating the key at 40
bits.
There's another aspect as well. In your question below, you ask if "one
has the source code to an encryption standard..how secure is that
standard?" This depends. For instance, I could write an encryption
algorithm that I myself can't seem to break, post it on the internet with
full source and proclaim "Hey  you have the source code, so it *must* be
secure!" It doesn't really work like that. In terms of security, a
publiclyknown, and *wellscrutinized* algorithm stands a good chance of
surviving an attack. However, there are few publicly known algorithms that
have also been wellscrutinized, and just because the algorithm is
public doesn't mean it's secure. So, if you believe all that I have
written, the public availability of an algorithm is necessary, but not
sufficient on it's own to guarantee the algorithm's security.
In terms of RC4, I can't really tell you much, becuase I don't
know too much about stream ciphers. However, I can tell you that experts
are recommending that 56bit DES is just not secure anymore  it's too
easy to build a bruteforce DES cracker (at a cost of about $250,000 or
so). In his book, Bruce states that he doesn't really consider any
symmetric algorithm secure if it has a key smaller than about 112 bits.
Your best bet is to make sure your keys are safe, and concentrate
on securing NT on your terminal server before worrying too much about the
encryption algorithm it is using. After that, go buy a copy of Bruce's
book  it is one of the best resources on this subject. He also has a nice
website at:
http://www.counterpane.com/labs.html
They "CryptoGram" newsletters are particularly interesting.
I hope this helps, and I hope it wasn't too longwinded. Take it easy!
=====================
Stephen V. Arehart
=====================
On Tue, 28 Nov 2000, Jay Mobley wrote:
So , I am not pentesting anything, but rather looking at some of my own
venurabilities... and in doing so I learn that my Win2k Terminal server
sends data to and from its client in a data stream encrypted with RC4. And
in researching what I could about RC4 , I have seen time and time again that
RC4 source was posted to a public usenet forum..... So my question is
this... If one has the source code to an encryption standard... how secure
is that standard???
Jay Mobley
Interactive Explorers
By Date
By Thread
Current thread:
 Re: [PENTEST] RC4 (fwd) Stephen V. Arehart (Nov 30)
