From: Joseph Ashwood (ashwoodmsn.com)
Date: Tue Oct 09 2001 - 14:13:18 CDT


    I never said that "RC4 is insecure"; I said that there are increasing
    suspicions that it is insecure, and increasing evidence that the suspicions
    are correct. I also said that MS's implementation does not take the proper
    precautions to avoid this. The basic necessities to make it secure are to
    select the keys at random for each encryption (which isn't done) and discard
    the first k bytes (which is not done). Right now doing just one of those
    will eliminate the current attacks, but both is strongly recommended. So MS
    doesn't do either of the things that are necessary for RC4 to be secure, but
    you still think it's secure; may I ask why you decide to delude yourself?
                        Joe

    ----- Original Message -----
    From: "Ivars Suba" <IvarsSbank.lv>
    To: "Joseph Ashwood" <ashwoodmsn.com>
    Cc: <metaphoneeudoramail.com>; <mac-cryptovmeng.com>;
    <cryptographywasabisystems.com>; <coderpunkstoad.com>; <dcsbai.mit.edu>;
    "R. A. Hettinga" <rahshipwright.com>
    Sent: Tuesday, October 09, 2001 3:13 AM
    Subject: FW: Passport Passwords Stored in Plaintext

    Joseph Ashwood,
     Your consideration about MS Kerberos RC4-HMAC insecurity is incorrect.
    If WEP RC4 key scheduling has weaknesses, it doesn't mean that RC4-HMAC
    has the same weaknesses. Albeit one thing in MS Kerberos is ever insecure:
    compatibility with MIT Kerberos Unix realm authentication with
    DES-CBC-CRC32 encryption mode, which is vulnerable to a cut-and-paste attack
    http://www.core-sdi.com/soft/ssh/ssh-advisory.txt

    Ivars Suba

    > On Fri, 5 Oct 2001, Joseph Ashwood wrote:
    >
    > > ----- Original Message -----
    > > From: "bernie" <metaphoneeudoramail.com>
    > >
    > > > Some of the people here want to use the .NET for critical
    > > > applications.
    > >
    > > I'm sorry.
    > >
    > > > How secure is the .NET?
    > >
    > > The short answer is that it isn't secure. There are two main problems
    > > with it being secure. The first is the password vulnerability that you
    > > replied to. The second is that it uses a custom blended Kerberos-esque
    > > implementation. I say Kerberos-esque because it has some significant
    > > problems. First it uses RC4, a cipher which is increasingly being
    > > considered insecure, and in using it Windows doesn't take the
    > > precautions necessary to make it secure. They are the only company
    > > foolish enough to have embedded access control information in the
    > > Kerberos ticket, this adds even more leaking information, and just
    > > enough of it to determine the user's password. Basically they have made
    > > nearly every effort to eliminate the security of the system while
    > > making it appear secure to a layman. For further evidence that
    > > Microsoft can't do anything secure I point to (in no particular order)
    > > IIS, pptp, pptp2, Internet Explorer, Outlook Express, Windows 95,
    > > Windows98, WindowsME, WindowsNT, Windows2000, and while I haven't
    > > verified it yet I believe also WindowsXP. Some of these probably need
    > > some explanation, IIS is the script kiddie choice it has more holes
    > > than a pound of Swiss cheese. pptp was severely broken, pptp2 was
    > > slightly less severely broken. Internet Explorer has had so many
    > > security vulnerabilities I can't even count that high. Outlook Express
    > > is a virus writer's dream. Windows95 offered no security, same with 98
    > > and ME. WindowsNT is subject to extremely basic attacks on the password
    > > system that Microsoft refused to recognise, same with 2000, and
    > > probably the same with XP. In 2000 MS introduced a "secure" encrypted
    > > filesystem which lacked any reasonable ability to encrypt documents
    > > securely (it put the keys in a file in plaintext, the file is easily
    > > readable). Even the cryptoAPI that Microsoft designed and offered has
    > > holes in it, allowing arbitrary code to be run in the place of what the
    > > programmer intended. I am unaware of anything Microsoft has ever
    > > written that could be considered secure and there is evidence that they
    > > plan to continue this less than stellar performance with .NET.
    > > Joe
    > >
    > > ---------------------------------------------------------------------
    > > The Cryptography Mailing List
    > > Unsubscribe by sending "unsubscribe cryptography" to
    > > majordomowasabisystems.com
    > >
    >
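
The two precautions named in the reply at the top of this message (a fresh random key for each encryption, and discarding the first k bytes of keystream) can be checked empirically. The following is an added example, not code from the thread or from any implementation discussed in it; it also shows the general stream-cipher consequence of encrypting two messages under one key. The function names, the 16-byte key length, k = 256 and the sample messages are assumptions chosen for illustration.

```python
import random

def rc4_keystream(key: bytes, length: int, drop: int = 0) -> bytes:
    """RC4 keystream of `length` bytes after discarding the first `drop` bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling (KSA)
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for n in range(drop + length):             # output generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        if n >= drop:
            out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

def second_byte_zero_counts(trials: int, seed: int = 2001, drop: int = 256):
    """Count how often the 2nd keystream byte is 0, without and with the drop."""
    rng = random.Random(seed)   # seeded for a reproducible run; never for real keys
    raw = dropped = 0
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(16))
        ks = rc4_keystream(key, drop + 2)      # one pass covers both positions
        raw += ks[1] == 0                      # known bias: about 2/256, not 1/256
        dropped += ks[drop + 1] == 0           # same position after discarding
    return raw, dropped

def reused_key_leak(key: bytes, p1: bytes, p2: bytes) -> bytes:
    """One key for two messages: c1 XOR c2 equals p1 XOR p2, the keystream cancels."""
    c1 = xor(p1, rc4_keystream(key, len(p1), drop=256))
    c2 = xor(p2, rc4_keystream(key, len(p2), drop=256))
    return xor(c1, c2)

if __name__ == "__main__":
    trials = 20000
    raw, dropped = second_byte_zero_counts(trials)
    print(f"uniform expectation:     {trials / 256:.0f}")
    print(f"2nd byte == 0, no drop:  {raw}")
    print(f"2nd byte == 0, drop 256: {dropped}")
    p1, p2 = b"constructed msg A", b"constructed msg B"   # constructed samples
    print("key reuse leaks p1^p2:", reused_key_leak(b"k" * 16, p1, p2) == xor(p1, p2))
```

Discarding the initial output removes the skew at the start of the keystream but does nothing for key reuse, which is why the reply recommends both precautions.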