RC4 Authentication

Posted on 2005-04-12
Medium Priority
Last Modified: 2010-04-11
I am planning on using RC4 for some light security for my program to communicate via TCP/IP. Here is how I am planning to have it work.

User send their username to the server.
The server replies back with a random key that is encrypted with the users password.
The user then Decrypts the Key using their Password.
The user replies back with their password encrypted using the key that was just decrypted.
The server decrypts the package using the Key to verify the user.

Is this a some what decent light security measure? How would you rate this type of method? What would be a better method? I am thinking that this would not be half bad considering the password will never be transmitted in the clear but I want to make sure.
Question by:sk33v3
LVL 38

Accepted Solution

Rich Rumble earned 2000 total points
ID: 13769150
This is no differnet than any challenge response authentication. NT and Kerberos both do primarily the same thing:
NT- A request is sent from pc1to a server1 for permission to access a share (or what have you)
Server1 ask's DomainController to authenticate pc1. DomainController says, hey pc1, encrypt this "challenge" with your password
Pc1 encrypts the challenge, and sends to DC. It matches, DC says ok, server1, pc1 passed the test let him in

AD/Kerberos auth- A request is sent from pc1to a server1 for permission to access a share (or what have you)
server1 asks GlobalCatalog server to auth pc1. GC says, hey pc1, encrypt this time-stamp with your password
Pc1 encrypts the timestamp, and sends to GC. It matches, GC says ok, server1, pc1 passed the test let him in for a few minutes, then we'll check again...

The attack that works on both is that the challenge or timestamp can be sniffed. I can use L0phtCrack or Cain&Able to sniff NT hash's, cain can even do kerberos- (but didn't before the author was pointed to KerbCrack from ntsecurity.nu) then run a dictionary attack, or even just plain bruteforce to recover the password that encryted the challenge, or the password that encrypted the timestamp. The timestamp has a 5minute +/- margin of error, so it takes a bit more time, but not much.

Your method would be, in my opinion, less than or equal to NTLM, it is stronger than LM (lanman) which is the default auth, even in 2003 and xp machines.
The one thing you sort of have going for you is that people don't have automated rc4 sniffers like they do with kerberos and lm/ntlm/ntlmv2. RC4 is a bit outdated and has been "broken" to a certain degree. http://www.wisdom.weizmann.ac.il/~itsik/RC4/rc4.html

But to answer your question, this is a decent form of protection. Again the failing is the ability to sniff the exchange of the a known challenge, and then also being able to sniff the encrypted challenge. Authentication like Radius,  Kerberos v5(not M$'s version btw- which they have again messed up on) try to get around this and prove http://en.wikipedia.org/wiki/RADIUS sort of a two-factor authentication http://www.schneier.com/essay-083.html

Author Comment

ID: 13922074
Sorry just one more question before I accept the answer if that is ok. Is there an issue using 1 - 256 byte key for large amounts of data? Ie does the encryption protocol start to suffer and then allow for easy decryption?

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as the high-speed power of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Considering today’s continual security threats, which affect Information technology networks and systems worldwide, it is very important to practice basic security awareness. A normal system user can secure himself or herself by following these simp…
This article is about my experience upgrading my consulting machine to Windows 10 Version 1709 (The Fall 2017 Creator Update)
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

840 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question