RFC Errata
RFC 4757, "The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows", December 2006
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
See Also: RFC 4757 w/ inline errata
Errata ID: 1647
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Ganga Mahesh Siddem
Date Reported: 2008-12-31
Verifier Name: Sean Turner
Date Verified: 2011-06-01
Section 7.2 and 7.3 says:
In 7.2: if (exportable) { Kseq = HMAC(Kss, "fortybits", (int32)0); // len includes terminating null memset(Kseq+7, 0xab, 7) } In 7.3: if (exportable) { Kcrypt = HMAC(Klocal, "fortybits", (int32)0); // len includes terminating null memset(Kcrypt+7, 0xab, 7); } Again in 7.3: if (exportable) { Kseq = HMAC(Kss, "fortybits", (int32)0); // len includes terminating null memset(Kseq+7, 0xab, 7) }
It should say:
In 7.2: if (export) { Kseq = HMAC(Kss, "fortybits", (int32)0); // len includes terminating null memset(Kseq+7, 0xab, 7) } In 7.3: if (export) { Kcrypt = HMAC(Klocal, "fortybits", (int32)0); // len includes terminating null memset(Kcrypt+7, 0xab, 7); } Again in 7.3: if (export) { Kseq = HMAC(Kss, "fortybits", (int32)0); // len includes terminating null memset(Kseq+7, 0xab, 7) }
Notes:
misnamed "export" argument . Larry Zhu confirmed this issue
Sean Turner add (as pointed out by Magnus Nystrom) that there were actually three exportable/export replacements needed: 1 in Section 7.2 and two in Section 7.3.