Requesting feedback on patched RC4-variant
Greg Rose
ggr at qualcomm.com
Tue Apr 24 17:46:00 EDT 2001
At 05:47 PM 4/24/2001 +0000, Nikita Borisov wrote:
>In article <4.3.1.0.20010424070403.01adbe48 at 203.30.171.11>,
>Greg Rose <ggr at qualcomm.com> wrote:
> >As Perry points out, you need integrity protection anyway, whether using
> >RC4 or not. But I'd like to point out that this is one of the few things
> >*not* really wrong with WEP. Remember that the signal is being sent using
> >DSSS (Direct sequence spread spectrum, similar to CDMA digital phones) and
> >the chances of an attacker being able to change just one bit, or a targeted
> >selection of bits, in a message, is essentially zero.
>
>Of course it's difficult to modify a message while it's in transit.
>However, WEP does not prevent replay attacks, so it is possible to
>replay a previously transmitted frame with appropriate modifications.
>Some people have also suggested tricks to me that can ensure that the
>original message never gets received, if that is a concern. I stand by
>the claim that integrity protection is important in a protocol such as
>WEP.

I absolutely agree that integrity protection is necessary, and I didn't
mean to say otherwise. And you're right, I didn't think about bit-twiddling
in a replayed frame (but doesn't the too-short frame counter thing prevent
replay to some extent?).

You're right and I withdraw my comment.

Anyway, as a lover of stream ciphers, I just get upset when people point
out the bit-twiddling attack, without realising that they are implicitly
endorsing using block ciphers without robust integrity protection instead.
If it needs integrity protection, add a MAC, and the ciphers are on even
ground again.

Greg.

Greg Rose INTERNET: ggr at qualcomm.com
Qualcomm Australia VOICE: +61-2-9817 4188 FAX: +61-2-9817 5199
Level 3, 230 Victoria Road, http://people.qualcomm.com/ggr/
Gladesville NSW 2111 232B EC8F 44C6 C853 D68F E107 E6BF CD2F 1081 A37C
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
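
Added example, not part of the original message: a minimal sketch of the bit-twiddling problem discussed in this thread and of the "add a MAC" remedy, using plain RC4 with an encrypt-then-MAC wrapper. HMAC-SHA256 as the MAC, the function names, the keys and the sample message are all assumptions made for illustration.

```python
import hashlib
import hmac

def rc4(key, data):
    """Plain RC4: XOR data with the keystream (encrypt and decrypt are the same)."""
    S, j = list(range(256)), 0
    for i in range(256):                      # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for b in data:                            # keystream generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def seal(enc_key, mac_key, plaintext):
    """Encrypt, then append an HMAC-SHA256 tag computed over the ciphertext."""
    ct = rc4(enc_key, plaintext)
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, blob):
    """Verify the tag before decrypting; return None if the frame was altered."""
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return rc4(enc_key, ct)

def flip(blob, offset, old, new):
    """XOR (old ^ new) into blob at offset: changes the plaintext without the key."""
    out = bytearray(blob)
    for k, (a, b) in enumerate(zip(old, new)):
        out[offset + k] ^= a ^ b
    return bytes(out)

# Constructed sample values. Reusing one RC4 key for two frames is itself unsafe;
# it is done here only to keep the comparison short.
ENC_KEY, MAC_KEY = b"constructed-enc-key", b"constructed-mac-key"
MSG = b"PAY 0100 TO ALICE"

def demo():
    bare = flip(rc4(ENC_KEY, MSG), 4, b"0100", b"9100")
    sealed = seal(ENC_KEY, MAC_KEY, MSG)
    tampered = flip(sealed, 4, b"0100", b"9100")
    return (rc4(ENC_KEY, bare),                      # altered text decrypts cleanly
            open_sealed(ENC_KEY, MAC_KEY, sealed),   # untouched frame is accepted
            open_sealed(ENC_KEY, MAC_KEY, tampered)) # altered frame is rejected

if __name__ == "__main__":
    print(demo())
```

The tag detects modification only; a replayed, unmodified frame still verifies unless a sequence number or nonce is covered by the MAC and checked by the receiver.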