RFC Errata
RFC 4757, "The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows", December 2006
Note: This RFC has been updated by RFC 6649
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
See Also: RFC 4757 w/ inline errata
Errata ID: 1674
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Ganga Mahesh Siddem
Date Reported: 2009-01-30
Verifier Name: Sean Turner
Date Verified: 2011-06-28
Section 7.3 says:
if (encrypt)
RC4(Kcrypt, Token.Confounder);
// Sum the data buffer
Sgn_Cksum += MD5(data); // Append to checksum
// Encrypt the data (if encrypting)
if (encrypt)
RC4(Kcrypt, data);
It should say:
// Sum the data buffer
Sgn_Cksum += MD5(data); // Append to checksum
// Encrypt the Confounder + data (if encrypting)
tmp=concat(Token.Confounder,data);
if (encrypt)
RC4(Kcrypt, tmp); /* tmp=Confounder + data */
memcpy(Token.Confounder,tmp,8);
memcpy(data,tmp+8,(tmp.len-8));
Notes:
Notes : 1.Verified RC4 Encryption and Decryption on (Token.Confounder+Data) with Kcrypt key .
2.Verified RC4(K,x+y) !=RC4(K,x);RC4(K,y)
3.Reporting this issue after Larry's Feedback.