Subject: Meeting the InCommon Assurance profile criteria using Active Directory
- From: David Walker
- Subject: Re: [AD-Assurance] RC4-HMAC and Kerberos
- Date: Mon, 29 Apr 2013 15:20:59 -0700
I'm pretty sure that language refers to assertions sent to SPs, not the authentication protocol used by an IdP. In InCommon's case, those assertions are SAML, not Kerberos, so we don't have a problem here.
On Mon, 2013-04-29 at 21:42 +0000, Capehart,Jeffrey D wrote:
A note on Kerberos and one more consideration for Alternative Means on RC4-HMAC:
8. Security Considerations
Care must be taken in implementing these encryption types because they use a stream cipher. If a different IV is not used in each direction when using a session key, the encryption is weak. By using the sequence number as an IV, this is avoided.
There are two classes of attack on RC4 described in [MIRONOV]. Strong distinguishers distinguish an RC4 keystream from randomness at the start of the stream. Weak distinguishers can operate on any part of the keystream, and the best ones, described in [FMcG] and [MANTIN05], can exploit data from multiple, different keystreams. A consequence of these is that encrypting the same data (for instance, a password) sufficiently many times in separate RC4 keystreams can be sufficient to leak information to an adversary. The encryption types defined in this document defend against these by constructing a new keystream for every message. However, it is RECOMMENDED not to use the RC4 encryption types defined in this document for high-volume connections.