5.1 Security Considerations for Implementers

Usage of RC4 is specified in section 5.1.1. This protocol employs an implementation that reuses RC4 key stream, which subjects it to Xor and other cryptanalysis attacks. This vulnerability is applicable when multiple RC4-encrypted opnum requests are made over the same transport session, as specified in section 2.1.

Usage of Data Encryption Standard (DES) in Electronic Code Book (ECB) mode is specified in section 5.1.2. This algorithm is considered inadequate for maintaining confidentiality considering the efficiency of brute-force and cryptanalysis attacks that are enabled by using year 2006, off-the-shelf computer hardware.

The session key for sections 5.1.1 and 5.1.2 is obtained from the SMB transport, as specified in section 2.1. The session key is obtained from the SMB transport every time a message that needs encryption is to be sent or a message that needs decryption is to be received.