From: Ivars Suba (IvarsSbank.lv)
Date: Wed Oct 10 2001 - 03:02:19 CDT


    I would prefer to operate with notorious facts and to share
    facts known to myself, not suspicions, but that is everyone's own
    matter. And so, RC4 key scheduling vulnerability in Win NT 4.0 and W2K:
    1. W2K Kerberos TGT and service ticket - RC4-HMAC - unknown
    2. Secure NetLogon Channels - RC4 - possibly vulnerable (I know how it
    works, but haven't any public reference)
    3. PPTP MPPE Key derivation with:
            3.1. MS-CHAP credentials and 40 or 56 bit session keys -
    vulnerable - session key obtained directly from the pswd SHA hash
    without any challenge.
            3.2. MS-CHAP credentials with 128 bit session key and MS-CHAPv2
    credentials - not vulnerable - session key obtained with pswd and
    challenge SHA hash. For more info
    http://search.ietf.org/internet-drafts/draft-ietf-pppext-mppe-keys-03.txt
    4. MS IIS 5.0 and IE5.0 SSLv3 - not vulnerable
    5. SAM password protection with Syskey - unknown

    Ivars
         

    > -----Original Message-----
    > From: Joseph Ashwood [mailto:ashwoodmsn.com]
    > Sent: Tuesday, October 09, 2001 10:13 PM
    > To: Ivars Suba
    > Cc: metaphoneeudoramail.com; mac-cryptovmeng.com;
    > cryptographywasabisystems.com; coderpunkstoad.com;
    > dcsbai.mit.edu; R.
    > A. Hettinga
    > Subject: Re: Passport Passwords Stored in Plaintext
    >
    >
    > I never said that "RC4 is insecure". I said that there are increasing
    > suspicions that it is insecure, and increasing evidence that the
    > suspicions are correct. I also said that MS's implementation does not
    > take the proper precautions to avoid this. The basic necessities to
    > make it secure are to select the keys at random for each encryption
    > (which isn't done) and discard the first k bytes (which is not done).
    > Right now doing just one of those will eliminate the current attacks,
    > but both is strongly recommended. So MS doesn't do either of the
    > things that are necessary for RC4 to be secure, but you still think
    > it's secure, may I ask why you decide to delude yourself?
    > Joe
    >
    > ----- Original Message -----
    > From: "Ivars Suba" <IvarsSbank.lv>
    > To: "Joseph Ashwood" <ashwoodmsn.com>
    > Cc: <metaphoneeudoramail.com>; <mac-cryptovmeng.com>;
    > <cryptographywasabisystems.com>; <coderpunkstoad.com>;
    > <dcsbai.mit.edu>;
    > "R. A. Hettinga" <rahshipwright.com>
    > Sent: Tuesday, October 09, 2001 3:13 AM
    > Subject: FW: Passport Passwords Stored in Plaintext
    >
    >
    >
    > Joseph Ashwood,
    > Your consideration about MS Kerberos RC4-HMAC insecurity is
    > incorrect.
    > If WEP RC4 key scheduling has weaknesses it doesn't mean that RC4-HMAC
    > has the same weaknesses. Albeit one thing in MS Kerberos is ever
    > insecure: compatibility with MIT Kerberos Unix realm authentication
    > with DES-CBC-CRC32 encryption mode, which is vulnerable to a
    > cut-and-paste attack
    > http://www.core-sdi.com/soft/ssh/ssh-advisory.txt
    >
    > Ivars Suba
    >
    > > On Fri, 5 Oct 2001, Joseph Ashwood wrote:
    > >
    > > > ----- Original Message -----
    > > > From: "bernie" <metaphoneeudoramail.com>
    > > >
    > > > > Some of the people here want to use the .NET for critical
    > > > > applications.
    > > >
    > > > I'm sorry.
    > > >
    > > > > How secure is the .NET?
    > > >
    > > > The short answer is that it isn't secure. There are two main
    > > > problems with it being secure. The first is the password
    > > > vulnerability that you replied to. The second is that it uses a
    > > > custom blended Kerberos-esque implementation. I say Kerberos-esque
    > > > because it has some significant problems. First it uses RC4, a
    > > > cipher which is increasingly being considered insecure, and in
    > > > using it Windows doesn't take the precautions necessary to make it
    > > > secure. They are the only company foolish enough to have embedded
    > > > access control information in the Kerberos ticket, this adds even
    > > > more leaking information, and just enough of it to determine the
    > > > user's password. Basically they have made nearly every effort to
    > > > eliminate the security of the system while making it appear secure
    > > > to a layman. For further evidence that Microsoft can't do anything
    > > > secure I point to (in no particular order) IIS, pptp, pptp2,
    > > > Internet Explorer, Outlook Express, Windows 95, Windows98,
    > > > WindowsME, WindowsNT, Windows2000, and while I haven't verified it
    > > > yet I believe also WindowsXP. Some of these probably need some
    > > > explanation. IIS is the script kiddie choice, it has more holes
    > > > than a pound of Swiss cheese. pptp was severely broken, pptp2 was
    > > > slightly less severely broken. Internet Explorer has had so many
    > > > security vulnerabilities I can't even count that high. Outlook
    > > > Express is a virus writer's dream. Windows95 offered no security,
    > > > same with 98 and ME. WindowsNT is subject to extremely basic
    > > > attacks on the password system that Microsoft refused to
    > > > recognise, same with 2000, and probably the same with XP. In 2000
    > > > MS introduced a "secure" encrypted filesystem which lacked any
    > > > reasonable ability to encrypt documents securely (it put the keys
    > > > in a file in plaintext, the file is easily readable). Even the
    > > > cryptoAPI that Microsoft designed and offered has holes in it,
    > > > allowing arbitrary code to be run in the place of what the
    > > > programmer intended. I am unaware of anything Microsoft has ever
    > > > written that could be considered secure and there is evidence that
    > > > they plan to continue this less than stellar performance with
    > > > .NET.
    > > > Joe
    > > >
    > > >
    > > >
    > > >
    > > >
    > >
    > ---------------------------------------------------------------------
    > > > The Cryptography Mailing List
    > > > Unsubscribe by sending "unsubscribe cryptography" to
    > > majordomowasabisystems.com
    > > >
    >
    >
    >