RFC Errata
RFC 4757, "The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows", December 2006
Note: This RFC has been updated by RFC 6649
Source of RFC: IETF - NON WORKING GROUPArea Assignment: sec
See Also: RFC 4757 w/ inline errata
Errata ID: 1647
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Ganga Mahesh Siddem
Date Reported: 2008-12-31
Verifier Name: Sean Turner
Date Verified: 2011-06-01
Section 7.2 and 7.3 says:
In 7.2:
if (exportable)
{
Kseq = HMAC(Kss, "fortybits", (int32)0);
// len includes terminating null
memset(Kseq+7, 0xab, 7)
}
In 7.3:
if (exportable)
{
Kcrypt = HMAC(Klocal, "fortybits", (int32)0);
// len includes terminating null
memset(Kcrypt+7, 0xab, 7);
}
Again in 7.3:
if (exportable)
{
Kseq = HMAC(Kss, "fortybits", (int32)0);
// len includes terminating null
memset(Kseq+7, 0xab, 7)
}
It should say:
In 7.2:
if (export)
{
Kseq = HMAC(Kss, "fortybits", (int32)0);
// len includes terminating null
memset(Kseq+7, 0xab, 7)
}
In 7.3:
if (export)
{
Kcrypt = HMAC(Klocal, "fortybits", (int32)0);
// len includes terminating null
memset(Kcrypt+7, 0xab, 7);
}
Again in 7.3:
if (export)
{
Kseq = HMAC(Kss, "fortybits", (int32)0);
// len includes terminating null
memset(Kseq+7, 0xab, 7)
}
Notes:
misnamed "export" argument . Larry Zhu confirmed this issue
Sean Turner add (as pointed out by Magnus Nystrom) that there were actually three exportable/export replacements needed: 1 in Section 7.2 and two in Section 7.3.