Columbia crypto box

Bill Frantz frantz at
Mon Feb 10 19:02:33 EST 2003

At 1:26 PM -0800 2/10/03, David Wagner wrote:
>It's hard to believe that RC4 was chosen for technical reasons.
>The huge cost of key setup per packet (equivalent to generating 256
>bytes of keystream and then throwing it away) should dominate the other
>potential advantages of RC4.

The technical reasons people might chose RC4 for an embedded application
like 802.11 WEP include:

  * Code size so close to zero as to make no never mind.
  * Intermediate data size so close to zero as to make no never mind.
  * Fast key setup (Forget tossing the 256 bytes of key stream.
    The designers weren't crypto engineers.  Personally, I'd toss the
    first 1024.)
  * Fast encrypt/decrypt.
  * Commonly used in respected security applications (e.g. SSL).

>In any case, WEP would clearly look very different if it had been designed
>by cryptographers, and it almost certainly wouldn't use RC4.  Look at
>CCMP, for instance: it is 802.11i's chosen successor to, and re-design
>of, WEP.  CCMP uses AES, not RC4, and I think that was a smart move.

I agree.  WEP is what you get when you don't seek public review.

Cheers - Bill

Bill Frantz           | Due process for all    | Periwinkle -- Consulting
(408)356-8506         | used to be the Ameican | 16345 Englewood Ave.
frantz at | way.                   | Los Gatos, CA 95032, USA

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list