Requesting feedback on patched RC4-variant
Nikita Borisov
nikitab at cs.berkeley.edu
Tue Apr 24 13:47:19 EDT 2001
In article <4.3.1.0.20010424070403.01adbe48 at 203.30.171.11>,
Greg Rose <ggr at qualcomm.com> wrote:
>As Perry points out, you need integrity protection anyway, whether using
>RC4 or not. But I'd like to point out that this is one of the few things
>*not* really wrong with WEP. Remember that the signal is being send using
>DSSS (Direct sequence spread spectrum, similar to CDMA digital phones) and
>the chances of an attacker being able to change just one bit, or a targeted
>selection of bits, in a message, is essentially zero.
Of course it's difficult to modify a message while it's in transit.
However, WEP does not prevent replay attacks, so it is possible to
replay a previously transmitted frame with appropriate modifications.
Some people have also suggested tricks to me that can ensure that the
original message never gets received, if that is a concern. I stand by
the claim that integrity protection is important in a protocol such as
WEP.
- Nikita
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list