Requesting feedback on patched RC4-variant

Greg Rose ggr at qualcomm.com
Tue Apr 24 17:46:00 EDT 2001


At 05:47 PM 4/24/2001 +0000, Nikita Borisov wrote:
>In article <4.3.1.0.20010424070403.01adbe48 at 203.30.171.11>,
>Greg Rose  <ggr at qualcomm.com> wrote:
> >As Perry points out, you need integrity protection anyway, whether using
> >RC4 or not. But I'd like to point out that this is one of the few things
> >*not* really wrong with WEP. Remember that the signal is being sent using
> >DSSS (Direct sequence spread spectrum, similar to CDMA digital phones) and
> >the chances of an attacker being able to change just one bit, or a targeted
> >selection of bits, in a message, is essentially zero.
>
>Of course it's difficult to modify a message while it's in transit.
>However, WEP does not prevent replay attacks, so it is possible to
>replay a previously transmitted frame with appropriate modifications.
>Some people have also suggested tricks to me that can ensure that the
>original message never gets received, if that is a concern.  I stand by
>the claim that integrity protection is important in a protocol such as
>WEP.

I absolutely agree that integrity protection is necessary, and I didn't 
mean to say otherwise. And you're right, I didn't think about bit-twiddling 
in a replayed frame (but doesn't the too-short frame counter thing prevent 
replay to some extent?).

You're right and I withdraw my comment.

Anyway, as a lover of stream ciphers, I just get upset when people point 
out the bit-twiddling attack, without realising that they are implicitly 
endorsing using block ciphers without robust integrity protection instead. 
If it needs integrity protection, add a MAC, and the ciphers are on even 
ground again.

Greg.



Greg Rose                                       INTERNET: ggr at qualcomm.com
Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



