Columbia crypto box
David Wagner
daw at mozart.cs.berkeley.edu
Mon Feb 10 16:26:20 EST 2003
Trei, Peter wrote:
>The weird thing about WEP was its choice of cipher. It used RC4, a
>stream cipher, and re-keyed for every block. . RC4 is
>not really intended for this application. Today we'd
>have used a block cipher with varying IVs if neccessary
>
>I suspect that RC4 was chosen for other reasons - ease of
>export, smallness of code, or something like that. It runs fast,
>but rekeying every block loses most of that advantage.
It's hard to believe that RC4 was chosen for technical reasons.
The huge cost of key setup per packet (equivalent to generating 256
bytes of keystream and then throwing it away) should dominate the other
potential advantages of RC4.
In any case, WEP would clearly look very different if it had been designed
by cryptographers, and it almost certainly wouldn't use RC4. Look at
CCMP, for instance: it is 802.11i's chosen successor to, and re-design
of, WEP. CCMP uses AES, not RC4, and I think that was a smart move.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list