Hi,

I have heard recently that with RC4 there appears to be a generic weakness with the standard implementation of the algorithm. Research by Fluhrer, Mantin and Shamir demonstrated that all RC4 keys are vulnerable to brute-forcing attacks as the first few bytes of output keystream are non-random. Thus information about the key can be deduced by an attacker, so reducing the computational effort required to decrypt the message.

The recommended crypto-system defence against this attack is to discard the initial portion of the keystream (e.g. the first 1024 bytes) before using it. This removes the predictable part of the key, making it harder to brute-force the encryption key.

Can somebody let me know how the Kerberos standard use of RC4 addresses this issue?

Thanks
Tim

________________________________________________
Kerberos mailing list
Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos