Requesting feedback on patched RC4-variant

John Kelsey kelsey.j at ix.netcom.com
Wed Apr 25 09:39:06 EDT 2001


-----BEGIN PGP SIGNED MESSAGE-----

At 07:46 AM 4/25/01 +1000, Greg Rose wrote:

...
>Anyway, as a lover of stream ciphers, I just get upset when
>people point out the bit-twiddling attack, without realising
>that they are implicitly endorsing using block ciphers
>without robust integrity protection instead. If it needs
>integrity protection, add a MAC, and the ciphers are on even
>ground again.

One interesting point which I haven't seen discussed much:
the way you have to use stream ciphers to avoid reuse of
keystream allows you to really restrict the attacks possible
on your MAC.  For example, you have to build your protocol
so that the IV or position in the keystream or whatever
*never* repeats.  But that means that you can ensure that
your MAC's starting state never repeats, either.  Similarly,
the recipient must only accept a transmitted message with a
given IV (or whatever) once, which also works nicely with a
stream cipher.

>Greg.

 --John Kelsey
   k.e.l.s.e.y.(dot).j.(at).i.x.(dot).n.e.t.c.o.m.(dot).c.o.m
        PGP: 5D91 6F57 2646 83F9  6D7F 9C87 886D 88AF
  ``Slavery's most important legacy may be a painful insight
  into human nature and into the terrible consequences of
  unbridled power.'' --Thomas Sowell, _Race and Culture_


-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.1 Int. for non-commercial use
<http://www.pgpinternational.com>

iQCVAwUBOubTdSZv+/Ry/LrBAQGqFgP/bjrxJg8mScRtnkAitmcucemlojYIN7qk
Xh3npz5wYrSl+ayeMYTij3tJDWyF786KoGciYIaiYbSu2dU6Ly5CHEoplOrtllkI
1D4LyfT9oXf8Xz7+Hjk2Cm1QZMRt1kpEyPyiiAx68D46X9WqigUFqxTbOf+hetXA
1sA59HC6AQs=
=HCA9
-----END PGP SIGNATURE-----
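The protocol discipline Kelsey describes, worked through as an added example (not code from this thread, and not RC4 or any cipher discussed in it): the sender binds every message to a nonce that is never reused, derives the MAC's starting key from that same nonce so the MAC state never repeats either, and the receiver accepts each nonce at most once. The keystream generator below is a constructed stand-in built from HMAC-SHA256 in counter mode, chosen only because it is in the standard library; the per-nonce MAC key derivation and the message layout (nonce || ciphertext || tag) are assumptions of this example, not something the post specifies.

```python
"""Nonce-bound stream encryption with a per-nonce MAC and replay rejection.

Constructed example. The keystream is HMAC-SHA256 in counter mode standing in
for a real stream cipher; the lesson is the protocol discipline around it.
"""
import hashlib
import hmac
import os

NONCE_LEN = 12
TAG_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: block i = HMAC(key, nonce || i).
    Safe only while (key, nonce) is never reused, which is the sender's job."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def mac_key_for(mac_master: bytes, nonce: bytes) -> bytes:
    """Derive a fresh MAC key per nonce (assumed construction). Because the
    nonce never repeats, the MAC's starting state never repeats either."""
    return hmac.new(mac_master, b"mac-key" + nonce, hashlib.sha256).digest()


def tag_for(mac_master: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    """Encrypt-then-MAC over nonce || ciphertext, truncated to TAG_LEN bytes."""
    return hmac.new(mac_key_for(mac_master, nonce), nonce + ciphertext, hashlib.sha256).digest()[:TAG_LEN]


def seal(enc_key: bytes, mac_master: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Sender side: XOR with the nonce-bound keystream, then append the MAC tag."""
    ks = keystream(enc_key, nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, ks))
    return nonce + ciphertext + tag_for(mac_master, nonce, ciphertext)


class Receiver:
    """Receiver side: verify the MAC, then enforce that each nonce is accepted once."""

    def __init__(self, enc_key: bytes, mac_master: bytes):
        self.enc_key = enc_key
        self.mac_master = mac_master
        self.seen_nonces: set[bytes] = set()

    def open(self, msg: bytes) -> bytes:
        if len(msg) < NONCE_LEN + TAG_LEN:
            raise ValueError("truncated message")
        nonce, ciphertext, tag = msg[:NONCE_LEN], msg[NONCE_LEN:-TAG_LEN], msg[-TAG_LEN:]
        # MAC first: a bit-flipped ciphertext fails here before anything is decrypted,
        # and a forged message never gets to touch the replay state.
        if not hmac.compare_digest(tag, tag_for(self.mac_master, nonce, ciphertext)):
            raise ValueError("bad MAC")
        # Accept each nonce only once; recorded only after the MAC verified.
        if nonce in self.seen_nonces:
            raise ValueError("replay: nonce already accepted")
        self.seen_nonces.add(nonce)
        ks = keystream(self.enc_key, nonce, len(ciphertext))
        return bytes(c ^ k for c, k in zip(ciphertext, ks))


def demo() -> tuple:
    """Exercise the three cases: honest delivery, replay, and a flipped ciphertext bit."""
    enc_key, mac_master = os.urandom(32), os.urandom(32)
    rx = Receiver(enc_key, mac_master)
    results = []

    msg1 = seal(enc_key, mac_master, os.urandom(NONCE_LEN), b"transfer 100 to alice")
    results.append("ok" if rx.open(msg1) == b"transfer 100 to alice" else "mismatch")

    try:                                  # same bytes delivered a second time
        rx.open(msg1)
        results.append("accepted")
    except ValueError as e:
        results.append(str(e).split(":")[0])

    msg2 = seal(enc_key, mac_master, os.urandom(NONCE_LEN), b"transfer 100 to alice")
    flipped = msg2[:NONCE_LEN] + bytes([msg2[NONCE_LEN] ^ 0x01]) + msg2[NONCE_LEN + 1:]
    try:                                  # the stream-cipher bit-twiddling case
        rx.open(flipped)
        results.append("accepted")
    except ValueError as e:
        results.append(str(e))
    return tuple(results)


if __name__ == "__main__":
    print(demo())
```

Two design choices worth noting: the receiver records a nonce only after the tag verifies, so an attacker who sends garbage under a victim's future nonce cannot pre-poison the replay set and cause a legitimate message to be dropped; and the MAC is keyed per nonce, which is what turns the sender's "never repeat the IV" obligation into the "MAC state never repeats" property Kelsey points out.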
