Requesting feedback on patched RC4-variant

Matthijs van Duin matthijs at cds.nl
Sat Apr 21 18:22:30 EDT 2001


>In general, if you're not an expert (:), it's worth not messing with the
>core parts of algorithms to prevent an attack when you don't 
>understand the attack.

I do fully understand how both RC4 and the attack work.

[I'm not so sure about that. --PM]

>RC4 has two basic rules for using it securely
>- Use long enough keys.
>- Never EVER reuse a key.

I did those already; I was very well aware that reusing an RC4 key is 
a no-no. I even explained the need for this to other people.


>The basic things wrong with the use of RC4 in several broken
>commercial environments (e.g. 802.11 WEP, MS PPTP) include
><snip>

Too short a key length wasn't the only problem in WEP: another problem 
arose from the fact that when you toggle a single bit in the 
ciphertext, that *same* bit is toggled in the plaintext.

[That's not an RC4 feature -- that's a feature of any stream
cipher. However, in general, any time you use a cipher in a
communications protocol, you want a MAC as well, even if you are using
a block cipher in CBC. --PM]

Therefore, if the contents of part of the ciphertext are known, that 
part could be modified. WEP has integrity checking to protect against 
this; however, they did this in a flawed way. (The propagation of a 
bit toggle can be tracked through the CRC algorithm to determine which 
bits of the CRC should be toggled to make sure the change will not be 
detected.)

In general, I'm not comfortable with this bit-toggle property, but RB 
is too sucky to implement a decent algorithm.

Well, I'm working on getting cryptlib working on MacOS anyway, and 
then turning it into an RB plugin, and all my problems will be solved :-)


Matthijs van Duin
- PGP Key: 0xB6205CCB   <finger://PGPkey_DH@hmvd.cds.nl> -
- FP: D73C 9EE3 5F6B E5D5 8E19  2CBE 4648 8C3E B620 5CCB -



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
