RC4 Authentication

Posted on 2005-04-12
Last Modified: 2010-04-11
I am planning on using RC4 for some light security for my program to communicate via TCP/IP. Here is how I am planning to have it work.

User send their username to the server.
The server replies back with a random key that is encrypted with the users password.
The user then Decrypts the Key using their Password.
The user replies back with their password encrypted using the key that was just decrypted.
The server decrypts the package using the Key to verify the user.

Is this a some what decent light security measure? How would you rate this type of method? What would be a better method? I am thinking that this would not be half bad considering the password will never be transmitted in the clear but I want to make sure.
Question by:sk33v3
    LVL 38

    Accepted Solution

    This is no differnet than any challenge response authentication. NT and Kerberos both do primarily the same thing:
    NT- A request is sent from pc1to a server1 for permission to access a share (or what have you)
    Server1 ask's DomainController to authenticate pc1. DomainController says, hey pc1, encrypt this "challenge" with your password
    Pc1 encrypts the challenge, and sends to DC. It matches, DC says ok, server1, pc1 passed the test let him in

    AD/Kerberos auth- A request is sent from pc1to a server1 for permission to access a share (or what have you)
    server1 asks GlobalCatalog server to auth pc1. GC says, hey pc1, encrypt this time-stamp with your password
    Pc1 encrypts the timestamp, and sends to GC. It matches, GC says ok, server1, pc1 passed the test let him in for a few minutes, then we'll check again...

    The attack that works on both is that the challenge or timestamp can be sniffed. I can use L0phtCrack or Cain&Able to sniff NT hash's, cain can even do kerberos- (but didn't before the author was pointed to KerbCrack from then run a dictionary attack, or even just plain bruteforce to recover the password that encryted the challenge, or the password that encrypted the timestamp. The timestamp has a 5minute +/- margin of error, so it takes a bit more time, but not much.

    Your method would be, in my opinion, less than or equal to NTLM, it is stronger than LM (lanman) which is the default auth, even in 2003 and xp machines.
    The one thing you sort of have going for you is that people don't have automated rc4 sniffers like they do with kerberos and lm/ntlm/ntlmv2. RC4 is a bit outdated and has been "broken" to a certain degree.

    But to answer your question, this is a decent form of protection. Again the failing is the ability to sniff the exchange of the a known challenge, and then also being able to sniff the encrypted challenge. Authentication like Radius,  Kerberos v5(not M$'s version btw- which they have again messed up on) try to get around this and prove sort of a two-factor authentication
    LVL 9

    Author Comment

    Sorry just one more question before I accept the answer if that is ok. Is there an issue using 1 - 256 byte key for large amounts of data? Ie does the encryption protocol start to suffer and then allow for easy decryption?

    Write Comment

    Please enter a first name

    Please enter a last name

    We will never share this with anyone.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Suggested Solutions

    Title # Comments Views Activity
    Endpoint Protection for ESXi Host 4 24
    Nessus Scan 1 54
    Android Security Model 3 40
    deny local logon 12 34
    How to sign a powershell script so you can prevent tampering, and only allow users to run authorised Powershell scripts
    Container Orchestration platforms empower organizations to scale their apps at an exceptional rate. This is the reason numerous innovation-driven companies are moving apps to an appropriated datacenter wide platform that empowers them to scale at a …
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    760 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    11 Experts available now in Live!

    Get 1:1 Help Now