3.2.2.1 RC4 Cipher Usage

The data MUST be encrypted and decrypted using the RC4 algorithm (for more information about RC4, see [SCHNEIER] section 17.1). The key, required during runtime by the RC4 algorithm, MUST be the 16-byte key specified by the method using this structure (for examples, see sections 3.1.5.10.2 and 3.1.5.10.3). The encrypted portion of the SAMPR_ENCRYPTED_USER_PASSWORD_NEW.Buffer structure MUST be protected in the same way, but the 16-byte key is specified in section 3.2.2.2.