Columbia crypto box
Trei, Peter
ptrei at rsasecurity.com
Mon Feb 10 14:40:05 EST 2003
> Matthew Byng-Maddick[SMTP:cryptography at lists.colondot.net] writes:
>
>
> On Sun, Feb 09, 2003 at 11:43:55PM -0500, Donald Eastlake 3rd wrote:
> > been that you either throw away the first 256 bytes of stream key output
>
> > or use a different key on every message. WEP does neither. TKIP, the new
>
>
> You NEVER, EVER, re-use the key for a stream cipher, if you do, you might
> as well just give up. By re-using the key, I can get
> plaintext (combinator) plaintext, which is easier to solve than
> plaintext (combinator) cipherstream.
>
> It's one of those things, like re-using a pad.
>
> MBM
>
The weird thing about WEP was its choice of cipher. It used RC4, a
stream cipher, and re-keyed for every block. . RC4 is
not really intended for this application. Today we'd
have used a block cipher with varying IVs if neccessary
I suspect that RC4 was chosen for other reasons - ease of
export, smallness of code, or something like that. It runs fast,
but rekeying every block loses most of that advantage.
Just my personal musings....
Peter Trei
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list