Penetration Testing mailing list archives

Re: [PEN-TEST] RC4 (fwd)


From: "Stephen V. Arehart" <panic () TWU NET>
Date: Wed, 29 Nov 2000 09:51:48 -0500

Al:
        I sent this response to Jay privately. It's a bit long-winded, so
I initially didn't send it to the pen-test list. However, after further
consideration, I thought that others might benefit from the response. I
totally understand it if you reject the post because of the length.
        Thanks for hosting and moderating the pen-test list for us!

=====================
Stephen V. Arehart
=====================

Jay:
        There are a couple of issues in your question I would like to
address.
        RC4 is a variable-length key stream cipher algorithm whose source
has been publicly known since circa 1994 (based on some quick internet
browsing - the more technically astute can correct my terse description
of the algorithm). According to Bruce Schneier, publicly known,
well-scrutinized algorithms stand a much better chance of surviving an
attack versus private, "secret" algorithms. In Bruce's book "Applied
Cryptography" (which I *highly* recommend), there's an axiom proposed in
the initial chapters (I can't remember whose axiom it is) that "the
secrecy of any algorithm should depend solely on the secrecy of the key".
        Having said that, there are several potential weaknesses in any
encryption implementation that have little to do with the base algorithm,
including:

1) algorithm implementation - did the software engineers correctly
implement the algorithm?

2) key management - a super-duper encryption algorithm with a massive key
will do nothing for you if the key is XOR'ed
and stored in the registry, or if the plaintext of the key is sitting on a
post-it note under the keyboard. All an attacker has to do is attack the
key management, not the algorithm itself.

3) utilizing the entire keyspace - in _Applied Cryptography_, Bruce
mentions that certain file encryption programs that have been developed
are based on DES (which uses 56 bits of an initial 64 bit key (8 bits are
used for parity)), but actually reduce the total effective keyspace by
changing all letters to uppercase and truncating the key at 40
bits.

There's another aspect as well. In your question below, you ask if "one
has the source code to an encryption standard..how secure is that
standard?" This depends. For instance, I could write an encryption
algorithm that I myself can't seem to break, post it on the internet with
full source and proclaim "Hey - you have the source code, so it *must* be
secure!" It doesn't really work like that. In terms of security, a
publicly-known, and *well-scrutinized* algorithm stands a good chance of
surviving an attack. However, there are few publicly known algorithms that
have also been well-scrutinized, and just because the algorithm is
public doesn't mean it's secure. So, if you believe all that I have
written, the public availability of an algorithm is necessary, but not
sufficient on its own to guarantee the algorithm's security.
        In terms of RC4, I can't really tell you much, because I don't
know too much about stream ciphers. However, I can tell you that experts
are recommending that 56-bit DES is just not secure anymore - it's too
easy to build a brute-force DES cracker (at a cost of about $250,000 or
so). In his book, Bruce states that he doesn't really consider any
symmetric algorithm secure if it has a key smaller than about 112 bits.
        Your best bet is to make sure your keys are safe, and concentrate
on securing NT on your terminal server before worrying too much about the
encryption algorithm it is using. After that, go buy a copy of Bruce's
book - it is one of the best resources on this subject. He also has a nice
website at:

http://www.counterpane.com/labs.html

The "Crypto-Gram" newsletters are particularly interesting.

I hope this helps, and I hope it wasn't too long-winded. Take it easy!


=====================
Stephen V. Arehart
=====================

On Tue, 28 Nov 2000, Jay Mobley wrote:

So, I am not pen-testing anything, but rather looking at some of my own
vulnerabilities... and in doing so I learn that my Win2k Terminal server
sends data to and from its client in a data stream encrypted with RC4. And
in researching what I could about RC4, I have seen time and time again that
RC4 source was posted to a public usenet forum..... So my question is
this... If one has the source code to an encryption standard... how secure
is that standard???


-Jay Mobley
Interactive Explorers
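
Added example, not part of the original post or of any product it mentions: a model of the keyspace reduction described in point 3, where a passphrase is folded to uppercase and truncated at 40 bits before use as a DES key. The `weak_key` routine, the printable-ASCII passphrase alphabet and the 8-bits-per-character encoding are assumptions made for illustration.

```python
import math
from itertools import product

# Assumption: passphrases are typed from the 95 printable ASCII characters.
PRINTABLE = bytes(range(0x20, 0x7F))
DES_KEY_BITS = 56  # key bits DES actually uses (64 minus 8 parity bits)


def weak_key(passphrase: bytes, keep_bits: int = 40) -> bytes:
    """Hypothetical flawed key preparation: fold case, then truncate."""
    return passphrase.upper()[: keep_bits // 8]


def distinct_keys(length: int) -> int:
    """Count the keys reachable from every printable passphrase of `length` chars."""
    return len({weak_key(bytes(p)) for p in product(PRINTABLE, repeat=length)})


def effective_bits(keep_bits: int = 40) -> float:
    """Entropy ceiling of weak_key(): surviving symbols ** kept characters."""
    symbols = len(set(PRINTABLE.upper()))  # lowercase letters collapse away
    return (keep_bits // 8) * math.log2(symbols)


if __name__ == "__main__":
    # Constructed sample passphrases: different inputs, identical key material.
    a = weak_key(b"Secret-Passphrase")
    b = weak_key(b"SECREt and more")
    print("collision:", a == b, a)

    # Exhaustive check on 2-character passphrases confirms the symbol count.
    print("2-char inputs:", len(PRINTABLE) ** 2, "distinct keys:", distinct_keys(2))

    print(f"nominal DES key: {DES_KEY_BITS} bits, after truncation: 40 bits, "
          f"after case folding too: {effective_bits():.1f} bits")
```

Under these assumptions the key never carries more than about 30.5 bits, well below both the 56 bits DES uses and the nominal 40 bits left after truncation.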


