Columbia crypto box

Steven M. Bellovin smb at
Mon Feb 10 23:03:11 EST 2003

In message <3E487440.5050005 at>, "Paul A.S. Ward" writes:
>Is it really fair to blame WEP for not using AES when AES wasn't around 
>when WEP was being created?

Of course they couldn't have used AES.  But there are other block 
ciphers they could have used.  They could have used key management.  
They could have added a MAC.  They could have used a longer "IV" field, 
with a random starting point mandated by the spec.  Or they could have 
put a big warning on saying "this doesn't protect you from very much".

		--Steve Bellovin, (me) (2nd edition of "Firewalls" book)

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list