The RC4 stream encryption algorithm (created by Ron Rivest in 1987) is a classic in its field, but has recently been criticized for its vulnerability in WEP and TLS. However, a closer look shows that in these cases it was not RC4 itself that was vulnerable, but its unfortunate combination with the specified protocols. Those who wish can delve into the details themselves, but here we will only note that the vulnerabilities of RC4 in combination with WEP and TLS described in the cryptological literature have nothing to do with our system, since the loopholes through which the hack was carried out there are completely absent in Extra Systems Cypher Net.
The implementation of the RC4 stream encryption algorithm in our system is performed as follows:
typedef struct rc4_key
{
unsigned char state[256];
unsigned char x;
unsigned char y;
} rc4_key;
void swap_byte(unsigned char *a, unsigned char *b)
{
unsigned char swapByte;
swapByte = *a;
*a = *b;
*b = swapByte;
}
void prepare_rc4_key(unsigned char *key_data_ptr, int key_data_len, rc4_key *key)
{
unsigned char index1, index2;
unsigned char* state;
short counter;
state = &key->state[0];
for(counter = 0; counter < 256; counter++) state[counter] = counter;
key->x = 0; key->y = 0;
index1 = 0; index2 = 0;
for(counter = 0; counter < 256; counter++)
{
index2 = (key_data_ptr[index1] + state[counter] + index2) % 256;
swap_byte(&state[counter], &state[index2]);
index1 = (index1 + 1) % key_data_len;
}
}
void rc4_crypt_buffer(unsigned char *buffer_ptr, int buffer_len, rc4_key *key)
{
unsigned char x, y;
unsigned char *state;
unsigned char xorIndex;
short counter;
x = key->x; y = key->y;
state = &key->state[0];
for(counter = 0; counter < buffer_len; counter++)
{
x = (x + 1) % 256;
y = (state[x] + y) % 256;
swap_byte(&state[x], &state[y]);
xorIndex = (state[x] + state[y]) % 256;
buffer_ptr[counter] ^= state[xorIndex];
}
key->x = x;
key->y = y;
}
rc4_key rc4_key_table;
void encrypt_buffer(unsigned char *buffer_ptr, int buffer_len) { rc4_crypt_buffer(buffer_ptr, buffer_len, &rc4_key_table); }
void decrypt_buffer(unsigned char *buffer_ptr, int buffer_len) { rc4_crypt_buffer(buffer_ptr, buffer_len, &rc4_key_table); }
void make_crypt_key_table(unsigned char *key_data_ptr, int key_data_len)
{
int i, buffer_len;
unsigned char x;
unsigned char rc4_trash[RC4_SKIP_TRASH + 256];
prepare_rc4_key(key_data_ptr, key_data_len, &rc4_key_table);
x = RC4_SKIP_EXTRA;
for(i = 0; i < key_data_len; i++) x = x + key_data_ptr[i];
buffer_len = RC4_SKIP_TRASH + x;
encrypt_buffer(rc4_trash, buffer_len);
}
The call to encrypt_buffer in make_crypt_key_table to "encode" the rc4_trash buffer to RC4_SKIP_TRASH bytes effectively ignores some of the initial RC4 bytes, which are considered "not strong enough" in modern cryptography. Although we do not consider these considerations serious (especially due to the presence of a powerful pre-encoding module in our system), we nevertheless decided to make this concession to the currently dominant position among cryptographers. We do not publish the specific value of RC4_SKIP_TRASH, especially since it can change depending on the wishes of a particular client.
Random variation of the number of discarded initial bytes of the RC4 cipher by summing cryptographically random bytes of the RC4 key modulo 256 (unsigned char x variable) provides additional protection against hackers breaking the stream encryption of the communication session provided by this module. Since the RC4 key will be different each time in each new communication session, the number of discarded bytes of the key stream will also differ each time.
Our concealment of specific values of RC4_SKIP_TRASH and RC4_SKIP_EXTRA in this module does not contradict the Kerckhoffs principle, since these parameters do not relate to the code (which is published here in full), but are, in our understanding, key data. Concealing these values creates additional problems for hackers to break into our system, which is exactly what we are striving for. In order to evaluate the cryptographic strength of our product by independent experts, we consider it sufficient to indicate that the value of RC4_SKIP_TRASH always exceeds 500 in our product, and the value of RC4_SKIP_EXTRA is always greater than 0 and always less than 255.
The content of this page is also available in French, German, Portuguese, Spanish, Italian, Ukrainian and Russian.
| © Extra Systems, 2024 |
|