RFC Errata
RFC 4757, "The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows", December 2006
Note: This RFC has been updated by RFC 6649
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
See Also: RFC 4757 w/ inline errata
Errata ID: 1674
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Ganga Mahesh Siddem
Date Reported: 2009-01-30
Verifier Name: Sean Turner
Date Verified: 2011-06-28
Section 7.3 says:
if (encrypt) RC4(Kcrypt, Token.Confounder); // Sum the data buffer Sgn_Cksum += MD5(data); // Append to checksum // Encrypt the data (if encrypting) if (encrypt) RC4(Kcrypt, data);
It should say:
// Sum the data buffer Sgn_Cksum += MD5(data); // Append to checksum // Encrypt the Confounder + data (if encrypting) tmp=concat(Token.Confounder,data); if (encrypt) RC4(Kcrypt, tmp); /* tmp=Confounder + data */ memcpy(Token.Confounder,tmp,8); memcpy(data,tmp+8,(tmp.len-8));
Notes:
Notes : 1.Verified RC4 Encryption and Decryption on (Token.Confounder+Data) with Kcrypt key .
2.Verified RC4(K,x+y) !=RC4(K,x);RC4(K,y)
3.Reporting this issue after Larry's Feedback.