Penetration Testing mailing list archives
Re: [PEN-TEST] RC4 (fwd)
From: "Stephen V. Arehart" <panic () TWU NET>
Date: Wed, 29 Nov 2000 09:51:48 -0500
Al:

I sent this response to Jay privately. It's a bit long-winded, so I initially didn't send it to the pen-test list. However, after further consideration, I thought that others might benefit from the response. I totally understand it if you reject the post because of the length. Thanks for hosting and moderating the pen-test list for us!

=====================
Stephen V. Arehart
=====================

Jay:

There are a couple of issues in your question I would like to address. RC4 is a variable-length key stream cipher algorithm whose source has been publicly known since circa 1994 (based on some quick internet browsing - the more technically astute can correct my terse description of the algorithm). According to Bruce Schneier, publicly known, well-scrutinized algorithms stand a much better chance of surviving an attack versus private, "secret" algorithms. In Bruce's book "Applied Cryptography" (which I *highly* recommend), there's an axiom proposed in the initial chapters (I can't remember whose axiom it is) that "the secrecy of any algorithm should depend solely on the secrecy of the key".

Having said that, there are several potential weaknesses in any encryption implementation that have little to do with the base algorithm, including:

1) algorithm implementation - did the software engineers correctly implement the algorithm.

2) key management - a super-duper encryption algorithm with a massive key will do nothing for you if the key is XOR'ed and stored in the registry, or if the plaintext of the key is sitting on a post-it note under the keyboard. All an attacker has to do is attack the key management, not the algorithm itself.

3) utilizing the entire keyspace - in _Applied Cryptography_, Bruce mentions that certain file encryption programs that have been developed are based on DES (which uses 56 bits of an initial 64 bit key (8 bits are used for parity)), but actually reduce the total effective keyspace by changing all letters to uppercase and truncating the key at 40 bits.

There's another aspect as well. In your question below, you ask if "one has the source code to an encryption standard..how secure is that standard?" This depends. For instance, I could write an encryption algorithm that I myself can't seem to break, post it on the internet with full source and proclaim "Hey - you have the source code, so it *must* be secure!" It doesn't really work like that. In terms of security, a publicly-known, and *well-scrutinized* algorithm stands a good chance of surviving an attack. However, there are few publicly known algorithms that have also been well-scrutinized, and just because the algorithm is public doesn't mean it's secure. So, if you believe all that I have written, the public availability of an algorithm is necessary, but not sufficient on its own to guarantee the algorithm's security.

In terms of RC4, I can't really tell you much, because I don't know too much about stream ciphers. However, I can tell you that experts are recommending that 56-bit DES is just not secure anymore - it's too easy to build a brute-force DES cracker (at a cost of about $250,000 or so). In his book, Bruce states that he doesn't really consider any symmetric algorithm secure if it has a key smaller than about 112 bits.

Your best bet is to make sure your keys are safe, and concentrate on securing NT on your terminal server before worrying too much about the encryption algorithm it is using. After that, go buy a copy of Bruce's book - it is one of the best resources on this subject. He also has a nice website at:

http://www.counterpane.com/labs.html

The "Crypto-Gram" newsletters are particularly interesting.

I hope this helps, and I hope it wasn't too long-winded. Take it easy!

=====================
Stephen V. Arehart
=====================

On Tue, 28 Nov 2000, Jay Mobley wrote:
So, I am not pen-testing anything, but rather looking at some of my own vulnerabilities... and in doing so I learn that my Win2k Terminal server sends data to and from its client in a data stream encrypted with RC4. And in researching what I could about RC4, I have seen time and time again that RC4 source was posted to a public usenet forum..... So my question is this... If one has the source code to an encryption standard... how secure is that standard???

-Jay Mobley
Interactive Explorers
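
Point 3 of the reply above (uppercasing and truncating a DES key to 40 bits), worked through as an added example that is not part of the original messages. It assumes the key is typed as ASCII text and that 40 bits means five bytes; `prepare_key`, `effective_bits` and `keyspace_fraction` are hypothetical names, not any product's code.

```python
import math
import string

NOMINAL_DES_BITS = 56  # from the post: DES uses 56 bits of a 64-bit key

def prepare_key(passphrase: str, key_bytes: int = 5) -> bytes:
    """Hypothetical weak key preparation: uppercase, then cut to 40 bits."""
    return passphrase.upper().encode("ascii")[:key_bytes]

def effective_bits(alphabet: str, key_bytes: int = 5) -> float:
    """log2 of the number of distinct keys reachable from this alphabet."""
    # Count the byte values that survive the case folding.
    per_byte = {prepare_key(ch, 1) for ch in alphabet}
    return key_bytes * math.log2(len(per_byte))

def keyspace_fraction(alphabet: str, key_bytes: int = 5) -> float:
    """Share of the nominal 56-bit keyspace that is still reachable."""
    return 2.0 ** (effective_bits(alphabet, key_bytes) - NOMINAL_DES_BITS)

# Constructed alphabets: letters only, and all printable ASCII (space to ~).
LETTERS = string.ascii_letters
PRINTABLE = "".join(chr(c) for c in range(32, 127))

def report() -> list:
    """One row per alphabet: (name, effective bits, fraction of 2**56)."""
    rows = []
    for name, alphabet in (("letters", LETTERS), ("printable", PRINTABLE)):
        rows.append((name, round(effective_bits(alphabet), 2),
                     keyspace_fraction(alphabet)))
    return rows

if __name__ == "__main__":
    # Two different constructed passphrases collapse to the same key.
    print(prepare_key("Correct horse battery"), prepare_key("correlation"))
    for name, bits, fraction in report():
        print(f"{name:10s} {bits:6.2f} bits  {fraction:.2e} of 2^56")
```

Under these assumptions a letters-only passphrase reaches about 23.5 bits of keyspace and a printable-ASCII one about 30.5 bits, regardless of the 56 bits the cipher nominally offers.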