RFC Errata
Found 8 records.
Status: Verified (8)
RFC 4757, "The RC4-HMAC Kerberos Encryption Types Used by Microsoft Windows", December 2006
Note: This RFC has been updated by RFC 6649
Source of RFC: IETF - NON WORKING GROUP
Area Assignment: sec
Errata ID: 1372
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Kevin Coffman
Date Reported: 2008-03-14
Verifier Name: Sean Turner
Date Verified: 2011-06-01
Section 7.3 says:
    // Generate checksum of message -
    //  SGN_CKSUM + Token.Confounder
    //   Key derivation salt = 15
    Sgn_Cksum = MD5((int32)15, Token.Header, Token.Confounder);
It should say:
    // Generate checksum of message -
    //  SGN_CKSUM + Token.Confounder
    //   Key derivation salt = 13
    Sgn_Cksum = MD5((int32)13, Token.Header, Token.Confounder);
Notes:
The final RFC appears to have a cut-and-paste typo regarding the salt value used when generating the checksum for a WRAP token. The value used for a MIC token is 15; the value used for a WRAP token is 13.
Love Hörnquist Åstrand <lha@kth.se> pointed out that an earlier draft shows the values actually in use:
http://tools.ietf.org/html/draft-brezak-win2k-krb-rc4-hmac-02
Errata ID: 1646
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Luke Howard
Date Reported: 2008-12-29
Verifier Name: Sean Turner
Date Verified: 2011-06-01
Section 7.2 7.3 says:
    Kseq = HMAC(Kss, "fortybits", (int32)0);
                // len includes terminating null
    memset(Kseq+7, 0xab, 7)
It should say:
    Kseq = HMAC(Kss, "fortybits", (int32)0);
                // len includes terminating null
    memset(Kseq+7, 0xab, 9)
Notes:
applies both to section 7.2 and 7.3, confirmed by Larry Zhu
Errata ID: 1674
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Ganga Mahesh Siddem
Date Reported: 2009-01-30
Verifier Name: Sean Turner
Date Verified: 2011-06-28
Section 7.3 says:
    if (encrypt)
        RC4(Kcrypt, Token.Confounder);

    // Sum the data buffer
    Sgn_Cksum += MD5(data);         // Append to checksum

    // Encrypt the data (if encrypting)
    if (encrypt)
        RC4(Kcrypt, data);
It should say:
    // Sum the data buffer
    Sgn_Cksum += MD5(data);         // Append to checksum

    // Encrypt the Confounder + data (if encrypting)
    tmp=concat(Token.Confounder,data);
    if (encrypt)
        RC4(Kcrypt, tmp);           /* tmp=Confounder + data */
    memcpy(Token.Confounder,tmp,8);
    memcpy(data,tmp+8,(tmp.len-8));
Notes:
1. Verified RC4 encryption and decryption on (Token.Confounder + Data) with the Kcrypt key.
2. Verified RC4(K, x+y) != RC4(K, x); RC4(K, y).
3. Reporting this issue after Larry's feedback.
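The point of note 2, that one RC4 pass over concat(Token.Confounder, data) differs from two RC4 calls that each start again from Kcrypt, shown as an added example that is not part of the erratum or of RFC 4757. The rc4 helper, the key and the plaintext bytes are constructed for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Minimal RC4: key schedule from key, then XOR the keystream into buf. */
static void rc4(const unsigned char *key, size_t klen,
                unsigned char *buf, size_t len)
{
    unsigned char S[256], t;
    unsigned i = 0, j = 0;
    size_t n;
    for (n = 0; n < 256; n++) S[n] = (unsigned char)n;
    for (n = 0; n < 256; n++) {
        j = (j + S[n] + key[n % klen]) & 0xff;
        t = S[n]; S[n] = S[j]; S[j] = t;
    }
    for (j = 0, n = 0; n < len; n++) {
        i = (i + 1) & 0xff;
        j = (j + S[i]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = t;
        buf[n] ^= S[(S[i] + S[j]) & 0xff];
    }
}

/* Constructed sample values, not taken from the RFC or the erratum. */
static const unsigned char KCRYPT[16] = "constructed-key";
static const unsigned char PLAIN[16] = "CONFOUNDpayload";  /* 8 + 8 bytes */

/* Corrected text: one RC4 pass over concat(Token.Confounder, data). */
static void wrap_concat(unsigned char out[16])
{
    memcpy(out, PLAIN, 16);
    rc4(KCRYPT, sizeof KCRYPT, out, 16);
}

/* Original text read as two independent calls: RC4 restarts from Kcrypt. */
static void wrap_separate(unsigned char out[16])
{
    memcpy(out, PLAIN, 16);
    rc4(KCRYPT, sizeof KCRYPT, out, 8);
    rc4(KCRYPT, sizeof KCRYPT, out + 8, 8);
}

/* 1 if the Confounder halves agree and the data halves differ. */
static int data_halves_differ(void)
{
    unsigned char a[16], b[16];
    wrap_concat(a); wrap_separate(b);
    return memcmp(a, b, 8) == 0 && memcmp(a + 8, b + 8, 8) != 0;
}
```

In the restarted variant both 8-byte halves are XORed with the same first eight keystream bytes, so a peer that decrypts in one continuous pass recovers the Confounder but not the data.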
Errata ID: 1675
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Ganga Mahesh Siddem
Date Reported: 2009-01-30
Verifier Name: Sean Turner
Date Verified: 2011-06-01
Section 7.3 says:
    // Create the sequence number
    if (direction == sender_is_initiator) {
        memset(&Token.SEND_SEQ[4], 0xff, 4)
    } else if (direction == sender_is_acceptor) {
        memset(&Token.SEND_SEQ[4], 0, 4)
    }
It should say:
    // Create the sequence number
    if (direction == sender_is_initiator) {
        memset(&Token.SEND_SEQ[4], 0, 4)
    } else if (direction == sender_is_acceptor) {
        memset(&Token.SEND_SEQ[4], 0xff, 4)
    }
Notes:
SEND_SEQ values are interchanged.
Errata ID: 2562
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Michiko Short
Date Reported: 2010-10-13
Verifier Name: Sean Turner
Date Verified: 2011-06-01
Section 3 says:
9. TGS-REP encrypted part (includes application session key), encrypted with the TGS authenticator subkey (T=8)
It should say:
9. TGS-REP encrypted part (includes application session key), encrypted with the TGS authenticator subkey (T=9)
Notes:
Typo
Errata ID: 2628
Status: Verified
Type: Technical
Publication Format(s) : TEXT
Reported By: Matthias Schertler
Date Reported: 2010-11-12
Verifier Name: Sean Turner
Date Verified: 2011-06-01
Section 5 says:
    nonce (edata.Confounder, 8);
    memcpy (edata.Data, data);
    edata.Checksum = HMAC (K2, edata);
It should say:
    nonce (edata.Confounder, 8);
    memcpy (edata.Data, data);
    edata.Checksum = HMAC (K2, concat(edata.Confounder, edata.Data));
Errata ID: 1647
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Ganga Mahesh Siddem
Date Reported: 2008-12-31
Verifier Name: Sean Turner
Date Verified: 2011-06-01
Section 7.2 and 7.3 says:
In 7.2:
    if (exportable) {
        Kseq = HMAC(Kss, "fortybits", (int32)0);
                    // len includes terminating null
        memset(Kseq+7, 0xab, 7)
    }
In 7.3:
    if (exportable) {
        Kcrypt = HMAC(Klocal, "fortybits", (int32)0);
                    // len includes terminating null
        memset(Kcrypt+7, 0xab, 7);
    }
Again in 7.3:
    if (exportable) {
        Kseq = HMAC(Kss, "fortybits", (int32)0);
                    // len includes terminating null
        memset(Kseq+7, 0xab, 7)
    }
It should say:
In 7.2:
    if (export) {
        Kseq = HMAC(Kss, "fortybits", (int32)0);
                    // len includes terminating null
        memset(Kseq+7, 0xab, 7)
    }
In 7.3:
    if (export) {
        Kcrypt = HMAC(Klocal, "fortybits", (int32)0);
                    // len includes terminating null
        memset(Kcrypt+7, 0xab, 7);
    }
Again in 7.3:
    if (export) {
        Kseq = HMAC(Kss, "fortybits", (int32)0);
                    // len includes terminating null
        memset(Kseq+7, 0xab, 7)
    }
Notes:
Misnamed "export" argument. Larry Zhu confirmed this issue.
Sean Turner adds (as pointed out by Magnus Nystrom) that there were actually three exportable/export replacements needed: one in Section 7.2 and two in Section 7.3.
Errata ID: 1651
Status: Verified
Type: Editorial
Publication Format(s) : TEXT
Reported By: Ganga Mahesh Siddem
Date Reported: 2009-01-10
Verifier Name: Sean Turner
Date Verified: 2011-06-01
Section 7.3 says:
    // new encryption key salted with seq
    Kcrypt = HMAC(Kcrypt, (int32)seq);
It should say:
    // new encryption key salted with seq
    Kcrypt = HMAC(Kcrypt, (int32)seq_num);
Notes:
Misnamed "seq" argument in HMAC function.