Requesting feedback on patched RC4-variant

Bill Stewart bill.stewart at pobox.com
Sat Apr 21 18:12:50 EDT 2001


At 06:26 PM 04/20/2001 +0200, Matthijs van Duin wrote:
>I needed a high-speed stream cipher in REALbasic, which has exceptionally 
>poor support for the kind of operations needed (no unsigned 32-bit 
>integers, no bitshift)
>I already made an RC4 implementation a while ago, but the algorithm has 
>some problems, outlined in the recent crack of the encryption of wireless 
>networking. (IEEE something)
>
>[Those have to do with stream ciphers in general and exploited no
>specific features of RC4. --Perry]
>
>To avoid this, I basically patched RC4 in two ways: 1. add cipher block 
>chaining  2. make the state-permutations depend on the data, to make 
>long-term changes to the pseudorandom data stream RC4 generates. I hope 
>this will make my application immune to the attack done on wireless 
>networking (which would be vulnerable with RC4 since I also use CRC for 
>integrity checking).
>I'm however not (yet ;) an expert on cryptography, so I'm not entirely 
>sure whether I didn't mutilate the algorithm in such a way I introduced 
>major new weaknesses.. I'd therefore greatly appreciate some feedback on this.


In general, if you're not an expert (:), it's worth not messing with the
core parts of algorithms to prevent an attack when you don't understand the
attack.
You mutilated it in ways that don't introduce major new strengths.
RC4 has two basic rules for using it securely
- Use long enough keys.
- Never EVER reuse a key.

The basic things wrong with the use of RC4 in several broken
commercial environments (e.g. 802.11 WEP, MS PPTP) include
- keys too short - 40 bits is trivial.  128 bits is fine.
- things that give away information about the keys.  32 bits is worse than 40.
- reusing keys.  Things like using the same key for both directions of
  a conversation, or always restarting at the beginning when you lose sync,
  or generating the key in a way that a given pair of users always
  uses the same key are easy popular ways to violate this.
- having other ways to guess the key - the original MS PPTP used leftover
  password handling code that made it easy to steal the key.
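The following is an added example (Python), not code from Bill's or Matthijs's messages. It shows concretely what "never EVER reuse a key" protects against: two messages encrypted under the same RC4 key share one keystream, so XORing the ciphertexts cancels the keystream and a single known plaintext exposes the other, with no attack on RC4 itself. It then shows one way to obey the rule by deriving a distinct key per direction and per session from a long master key; that SHA-256 derivation and all of the sample data are assumptions constructed for the illustration, not something the thread prescribes.

```python
# Added example, not from the original message.  Demonstrates keystream
# reuse under a shared RC4 key, and a per-direction/per-session key
# derivation (an illustrative assumption, not the thread's recommendation).
import hashlib


def rc4(key: bytes, data: bytes) -> bytes:
    """Textbook RC4: key-scheduling (KSA) then the PRGA, XORed over data.
    Encryption and decryption are the same operation."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                         # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def recover_other_plaintext(c1: bytes, c2: bytes, p1_known: bytes) -> bytes:
    """Two ciphertexts under the same RC4 key share a keystream, so
    c1 ^ c2 == p1 ^ p2.  Knowing p1 yields p2 without ever touching the key."""
    return xor(xor(c1, c2), p1_known)


def per_direction_key(master: bytes, direction: bytes, nonce: bytes) -> bytes:
    """Illustrative assumption (not from the thread): derive a fresh 128-bit
    key per direction and per session from a long master key, so no two
    messages are ever encrypted under the same keystream."""
    return hashlib.sha256(master + b"|" + direction + b"|" + nonce).digest()[:16]


def demo() -> dict:
    # Constructed sample data.
    shared_key = b"sixteen byte key"          # 128 bits: long enough
    p1 = b"ATTACK AT DAWN!!"
    p2 = b"RETREAT AT NOON!"

    # Mistake: the same key for both directions of the conversation.
    c1 = rc4(shared_key, p1)                  # client -> server
    c2 = rc4(shared_key, p2)                  # server -> client
    leaked = recover_other_plaintext(c1, c2, p1)

    # Fix: one key per direction and per session, so the attack gets nothing.
    nonce = b"session-0001"
    k_c2s = per_direction_key(shared_key, b"client->server", nonce)
    k_s2c = per_direction_key(shared_key, b"server->client", nonce)
    d1 = rc4(k_c2s, p1)
    d2 = rc4(k_s2c, p2)
    not_leaked = recover_other_plaintext(d1, d2, p1)
    return {"leaked": leaked, "not_leaked": not_leaked,
            "keys_differ": k_c2s != k_s2c}


if __name__ == "__main__":
    r = demo()
    print("same key, known p1 recovers p2: ", r["leaked"])
    print("distinct keys, same attack yields:", r["not_leaked"])
```

The same recovery works whenever a keystream repeats for any reason Bill lists: restarting the cipher from the beginning after losing sync, or a key-derivation scheme that hands the same pair of users the same key every time. A per-message nonce folded into the derivation, as above, is only safe if the nonce never repeats under one master key.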

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com