Re: [PEN-TEST] RC4

[Ryan Russell <ryan () SECURITYFOCUS COM>]

On Tue, 28 Nov 2000, Jay Mobley wrote:

> So , I am not pen-testing anything, but rather looking at some of my own
> venurabilities... and in doing so I learn that my Win2k Terminal server
> sends data to and from its client in a data stream encrypted with RC4. And
> in researching what I could about RC4 , I have seen time and time again that
> RC4 source was posted to a public usenet forum..... So my question is
> this... If one has the source code to an encryption standard... how secure
> is that standard???

RC4 isn't too bad.  RC5 should be used in most cases instead, according to
crypto people who know lots more than I.  As for the algorithm being
public.. there is ample evidence to support the idea that publically
scrutinized crypto algorithms (that survive the scrutiny) are more secure
than those that are secret (and therefore haven't been scrutinized.)  The
security is supposed to be in the key.

Back to your original question, even though RC4 is probably secure enough
on it's own, there is still plenty of opportunity to screw it up in the
implementation.  This would include things like trying to take a
user-selected password that's good for about 20 bits of entropy, and
trying to make a 128 bit key out of it, using the same key in both
directions, things like that.

Probably a good place to look for analogies is the various PPTP weakness
writeups that have been done.

If I recall, the Citrix protocols that this is all based on do not require
any domain memberships on the parts of the participating Windows
machines.  Therefore, there is nothing else to base the encryption on
other than the password of the user.  Usually quite atackable in those
types of circumstances.

                                        Ryan