(A)RC4 state leakage

Steven M. Bellovin smb at research.att.com
Thu Dec 27 20:13:40 EST 2001


In message <Pine.LNX.4.33.0112281140131.1232-100000 at mothra.mindrot.org>, Damien
 Miller writes:
>The common wisdom when using (A)RC4 as a PRNG seems to be to discard
>the first few bytes of keystream it generates as it may be correlated
>to the keying material.
>
>Does anyone have a reference that describes this in more detail? Or
>am I confused :)
>

See http://www.wisdom.weizmann.ac.il/~itsik/RC4/rc4.html for lots of 
references on RC4 and attacks on it.

		--Steve Bellovin, http://www.research.att.com/~smb
		Full text of "Firewalls" book now at http://www.wilyhacker.com





---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com



