
RC4 Authentication

I am planning on using RC4 for some light security for my program to communicate via TCP/IP. Here is how I am planning to have it work.

The user sends their username to the server.
The server replies with a random key that is encrypted with the user's password.
The user then decrypts the key using their password.
The user replies with their password encrypted using the key that was just decrypted.
The server decrypts the package using the key to verify the user.

Is this a somewhat decent light security measure? How would you rate this type of method? What would be a better method? I am thinking that this would not be half bad, considering the password will never be transmitted in the clear, but I want to make sure.
Rich Rumble (Security Samurai) commented:
This is no different than any challenge-response authentication. NT and Kerberos both do primarily the same thing:
NT- A request is sent from pc1 to a server1 for permission to access a share (or what have you).
Server1 asks DomainController to authenticate pc1. DomainController says, hey pc1, encrypt this "challenge" with your password.
Pc1 encrypts the challenge and sends it to the DC. It matches, DC says OK, server1, pc1 passed the test, let him in.

AD/Kerberos auth- A request is sent from pc1 to a server1 for permission to access a share (or what have you).
Server1 asks the GlobalCatalog server to auth pc1. GC says, hey pc1, encrypt this timestamp with your password.
Pc1 encrypts the timestamp and sends it to the GC. It matches, GC says OK, server1, pc1 passed the test, let him in for a few minutes, then we'll check again...

The attack that works on both is that the challenge or timestamp can be sniffed. I can use L0phtCrack or Cain & Abel to sniff NT hashes (Cain can even do Kerberos, but didn't before the author was pointed to KerbCrack from ntsecurity.nu), then run a dictionary attack, or even just plain brute force, to recover the password that encrypted the challenge, or the password that encrypted the timestamp. The timestamp has a 5-minute +/- margin of error, so it takes a bit more time, but not much.

Your method would be, in my opinion, less than or equal to NTLM; it is stronger than LM (LanMan), which is the default auth, even in 2003 and XP machines.
The one thing you sort of have going for you is that people don't have automated RC4 sniffers like they do with Kerberos and LM/NTLM/NTLMv2. RC4 is a bit outdated and has been "broken" to a certain degree. http://www.wisdom.weizmann.ac.il/~itsik/RC4/rc4.html

But to answer your question, this is a decent form of protection. Again, the failing is the ability to sniff the exchange of a known challenge, and then also being able to sniff the encrypted challenge. Authentication like RADIUS, Kerberos v5 (not M$'s version btw, which they have again messed up on) try to get around this and provide http://en.wikipedia.org/wiki/RADIUS sort of a two-factor authentication http://www.schneier.com/essay-083.html
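
The exchange proposed in the question and the sniffing weakness described in the answer, as an added example that is not part of the original thread: a minimal Python simulation showing that the two messages on the wire are enough to check a candidate password without contacting the server again. The function names and the sample password are constructed for illustration.

```python
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key scheduling, then XOR the data with the keystream."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

def server_challenge(password: bytes, session_key: bytes) -> bytes:
    # Step 2: the random key, encrypted under the user's password.
    return rc4(password, session_key)

def client_response(password: bytes, challenge: bytes) -> bytes:
    # Steps 3-4: recover the key, then send the password encrypted under it.
    session_key = rc4(password, challenge)
    return rc4(session_key, password)

def server_verify(password: bytes, session_key: bytes, response: bytes) -> bool:
    # Step 5: decrypt with the key and compare with the stored password.
    # Note that the server has to hold the password itself, not a hash.
    return rc4(session_key, response) == password

def transcript_confirms(guess: bytes, challenge: bytes, response: bytes) -> bool:
    # A passive observer holds only `challenge` and `response`. A candidate
    # password either reproduces the observed response or it does not, so
    # every guess can be checked offline. The response length also equals
    # the password length, because RC4 is a stream cipher.
    return client_response(guess, challenge) == response

if __name__ == "__main__":
    password = b"correct horse"  # constructed sample value
    key = os.urandom(16)
    challenge = server_challenge(password, key)
    response = client_response(password, challenge)
    print("server accepts:", server_verify(password, key, response))
    print("wrong guess confirmed:", transcript_confirms(b"wrong guess!!", challenge, response))
    print("right guess confirmed:", transcript_confirms(password, challenge, response))
```

The design consequence is that the scheme is only as strong as the password's resistance to guessing, regardless of how random the server's key is.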
sk33v3 (Author) commented:
Sorry, just one more question before I accept the answer, if that is OK. Is there an issue using a 1-256 byte key for large amounts of data? I.e., does the encryption protocol start to suffer and then allow for easy decryption?