Errata Search
RFC Number:		Errata ID:
Source of RFC		Status:	All/Any Verified+Reported Verified Reported Held for Document Update Rejected
Area Acronym:	All/Any app art gen int ops rai rtg sec tsv wit	Type:	All/Any Editorial Technical
WG Acronym:		Submitter Name:
Other:	All/Any IAB INDEPENDENT IRTF Legacy Editorial	Date Submitted:
Summary Table Full Records

RFC 4757, "The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows", December 2006

Note: This RFC has been updated by RFC 6649

Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
See Also: RFC 4757 w/ inline errata

---

Errata ID: 1372
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Kevin Coffman
Date Reported: 2008-03-14
Verifier Name: Sean Turner
Date Verified: 2011-06-01

Section 7.3 says:

 // Generate checksum of message -
 //  SGN_CKSUM + Token.Confounder
 //   Key derivation salt = 15

 Sgn_Cksum = MD5((int32)15, Token.Header,
                Token.Confounder);

It should say:

 // Generate checksum of message -
 //  SGN_CKSUM + Token.Confounder
 //   Key derivation salt = 13

 Sgn_Cksum = MD5((int32)13, Token.Header,
                Token.Confounder);

Notes:

The final RFC appears to have cut-and-paste typo regarding the salt value used when generating the checksum for a WRAP token. The value used for a MIC token is 15, the value used for a WRAP token is 13.

Love Hörnquist Åstrand <lha@kth.se> pointed out that an earlier draft shows the values actually in use:

http://tools.ietf.org/html/draft-brezak-win2k-krb-rc4-hmac-02

Report New Errata