5.1 Security Considerations for Implementers

This protocol has the following security limitations:

  • Use of semi-weak algorithms. Uses SHA-1 for message digests and HMAC-SHA1 for keyed message digests.

  • Use of weak algorithms. Uses MARC4 (RC4-drop(256)) for symmetric key encryption.

  • Use of non-standard/suspect algorithms. The current protocol uses RSA or ElGamal for public key encryption.

  • Insufficient encryption of protocol messages. The current protocol does not encrypt the message header, so a passive attacker can read every field in it. The current protocol also does not encrypt, sign, or otherwise integrity-protect the return code of a response, so an active attacker can alter the return code in transit without detection.

  • Use of the same key for encryption and MAC. The current protocol uses the same secret key for both encryption and integrity protection, exposing transmissions to key-reuse attacks, in which an interaction between the cipher and the MAC under one key weakens both.

  • Lack of nonce or sequence number to prevent replay attacks. The current protocol does not include a nonce or sequence number in each message to prevent replay attacks. This allows an active attacker to replay messages captured in the past.

  • Auto Account Code Configuration requires HTTPS for encryption. Auto Account Code Configuration has no message-level protection of its own and depends entirely on the transport security (TLS) provided by HTTPS.
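The following Python is an added example, not code from the protocol or its implementers, that contrasts a message construction with the message-layer weaknesses listed above (one key shared by RC4-drop(256) and HMAC-SHA1, header and return code outside the MAC, no sequence number) with one that derives separate keys, numbers every message, and authenticates the header together with an encrypted return code. The wire layout, field sizes, header contents and key-derivation labels are assumptions made for the illustration; the HMAC-SHA256 counter-mode keystream stands in for a proper AEAD (AES-GCM or similar), which a real revision would use and which the standard library does not provide.

```python
import hashlib
import hmac
import struct

HDR_LEN = 8  # assumed fixed-size cleartext header


def rc4_drop256(key: bytes, data: bytes) -> bytes:
    """RC4 with the first 256 keystream bytes discarded (MARC4). Included only
    because the text names it; it remains a weak cipher."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for n in range(256 + len(data)):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        if n >= 256:
            out.append(data[n - 256] ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


# --- construction with the listed weaknesses (assumed layout) -------------
# header (clear) | return code (clear, unprotected) | RC4(key, body) | HMAC-SHA1(key, ct)
def legacy_seal(key: bytes, header: bytes, body: bytes, rc: int) -> bytes:
    ct = rc4_drop256(key, body)
    tag = hmac.new(key, ct, hashlib.sha1).digest()  # same key as the cipher; header and rc not covered
    return header + bytes([rc]) + ct + tag


def legacy_open(key: bytes, msg: bytes):
    header, rc, rest = msg[:HDR_LEN], msg[HDR_LEN], msg[HDR_LEN + 1:]
    ct, tag = rest[:-20], rest[-20:]
    if not hmac.compare_digest(tag, hmac.new(key, ct, hashlib.sha1).digest()):
        return None
    return header, rc, rc4_drop256(key, ct)  # no sequence number: a replay is indistinguishable


# --- hardened construction (assumed layout) -------------------------------
# header (clear, authenticated) | seq (8 bytes) | E(k_enc, seq, rc || body) | HMAC-SHA256(k_mac, header || seq || ct)
def derive_keys(master: bytes, direction: bytes):
    """HKDF-style expand step: independent keys per purpose and per direction
    from one shared secret, so cipher and MAC never share a key."""
    k_enc = hmac.new(master, b"enc|" + direction + b"\x01", hashlib.sha256).digest()
    k_mac = hmac.new(master, b"mac|" + direction + b"\x01", hashlib.sha256).digest()
    return k_enc, k_mac


def prf_stream_xor(k_enc: bytes, seq: int, data: bytes) -> bytes:
    """Illustrative counter-mode keystream keyed by (seq, block); seq never
    repeats within a direction, so neither does the keystream."""
    out = bytearray()
    for blk in range((len(data) + 31) // 32):
        ks = hmac.new(k_enc, struct.pack(">QI", seq, blk), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[blk * 32:(blk + 1) * 32], ks))
    return bytes(out)


class HardenedChannel:
    """One direction of traffic; the peer instantiates the other direction."""

    def __init__(self, master: bytes, direction: bytes = b"client->server"):
        self.k_enc, self.k_mac = derive_keys(master, direction)
        self.send_seq = 0  # last sequence number sent
        self.recv_seq = 0  # highest sequence number accepted

    def seal(self, header: bytes, body: bytes, rc: int) -> bytes:
        self.send_seq += 1
        seqb = struct.pack(">Q", self.send_seq)
        ct = prf_stream_xor(self.k_enc, self.send_seq, bytes([rc]) + body)  # rc inside the protected payload
        tag = hmac.new(self.k_mac, header + seqb + ct, hashlib.sha256).digest()
        return header + seqb + ct + tag

    def open(self, msg: bytes):
        header, seqb = msg[:HDR_LEN], msg[HDR_LEN:HDR_LEN + 8]
        ct, tag = msg[HDR_LEN + 8:-32], msg[-32:]
        if not hmac.compare_digest(tag, hmac.new(self.k_mac, header + seqb + ct, hashlib.sha256).digest()):
            return None  # header, seq or ciphertext tampered with
        seq = struct.unpack(">Q", seqb)[0]
        if seq <= self.recv_seq:
            return None  # replayed (or reordered) message
        self.recv_seq = seq
        pt = prf_stream_xor(self.k_enc, seq, ct)
        return header, pt[0], pt[1:]


def demo(master: bytes = b"\x00" * 16) -> dict:
    """Return which attacks succeed against each construction (constructed traffic)."""
    m = legacy_seal(master, b"CMD:AUTH", b"user=alice", rc=0)
    flipped = m[:HDR_LEN] + bytes([1]) + m[HDR_LEN + 1:]  # attacker rewrites the clear return code
    tx, rx = HardenedChannel(master), HardenedChannel(master)
    h = tx.seal(b"CMD:AUTH", b"user=alice", rc=0)
    first = rx.open(h)
    return {
        "legacy_rc_flip_accepted": legacy_open(master, flipped)[1] == 1,
        "legacy_replay_accepted": legacy_open(master, m) is not None and legacy_open(master, m) is not None,
        "hardened_first_accepted": first == (b"CMD:AUTH", 0, b"user=alice"),
        "hardened_replay_accepted": rx.open(h) is not None,
    }
```

The legacy receiver accepts the return-code flip and every replay because nothing it verifies covers those bytes or the message's position in the stream; the hardened receiver rejects both, and its MAC check runs before the sequence check so an attacker cannot probe the replay window with forged tags.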