Columbia crypto box

Donald Eastlake 3rd dee3 at
Sun Feb 9 23:43:55 EST 2003

While I'm not claiming RC4 is strong, the main problem is that WEP 
misuses it. At I understand it, the recommendation for a long time has 
been that you either throw away the first 256 bytes of stream key output 
or use a different key on every message. WEP does neither. TKIP, the new 
security mode for 802.11 designed for feeble legacy hardware, still uses 
RC4 but does change keys on every message.

 Donald E. Eastlake 3rd                       dee3 at
 155 Beaver Street              +1-508-634-2066(h) +1-508-851-8280(w)
 Milford, MA 01757 USA                   Donald.Eastlake at

On Sun, 9 Feb 2003, Pete Chown wrote:

> Date: Sun, 09 Feb 2003 13:51:07 +0000
> From: Pete Chown <Pete.Chown at>
> To: cryptography at
> Subject: Re: Columbia crypto box
> Bill Stewart wrote:
> > These days nobody *has* a better cryptosystem than you do They might
> > have a cheaper one or a faster one, but for ten years the public's
> > been able to get free planet-sized-computer-proof crypto ...
> I seem to remember that the Nazis said the same thing about Enigma.
> Even when evidence began to filter back that it had been broken, they
> ignored it because they were so confident that a break was impossible.
> It's true that protocol and programming problems account for the huge
> majority of security holes.  The WEP break, though, was one notable
> exception.  They were using an established cryptosystem (RC4) with a
> planet sized key (128 bits).  However, a weakness in RC4 itself let them
> down.
> > ... if you don't like it, you can switch from 3DES and 1024-bit RSA
> > to 5DES and/or 4096-bit RSA.
> I don't know about 4096-bit, but you should switch to something if you
> care about security; recent results imply that it may be possible to
> factor 1024-bit numbers.

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list