question

Brian C. avatar image
Brian C. asked ·

Does anyone have experience with RC5 encryption and Citrix monitoring?

I know if we leave full RC5 encryption there is no way to get user information from those packets, but my Citrix team asked about using "

    • RC5 (128 bit) logon only. Encrypts the logon data with RC5 128-bit encryption and the client connection using Basic encryption. "

    Based on the description this setting is still going to keep us from getting the user identification, but I wanted to check with other parties to see if my assumption is correct.

    Thanks

    Brian

    citrix
    10 |2000000 characters needed characters left characters exceeded

    Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

    Wojciech K. avatar image
    Wojciech K. answered ·

    Brian,

    Logon only RC5 encryption will still render the session impossible to decode. This is caused by the fact, that the session data is also compressed and compression comes after encryption. When the initial (logon) session stage will be encrypted with RC5 we will lose part of the decompression history and will be unable to perform any further decoding.

    In theory this should be possible with compression disabled, but I believe that currently the decode will still stop session decoding at the moment RC5 is activated (since compression is almost always enabled).

    However as far as I know, Citrix doesn't recommend using RC5 encryption as it is highly vulnerable to man-in-the-middle attacks and recommends using SSL instead.

    Wojtek.

    Share
    10 |2000000 characters needed characters left characters exceeded

    Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

    Chris V. avatar image
    Chris V. answered ·

    Correct, Citrix no longer recommends new deployments with RC5. SSL option is better overall for security, and better for DCRUM too.

    Share
    10 |2000000 characters needed characters left characters exceeded

    Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.