Open Source Embedded SSL - Export Questions
Bill Stewart
bill.stewart at pobox.com
Fri Nov 28 02:24:29 EST 2003
At 02:45 PM 11/27/2003 +1100, Greg Rose wrote:
>At 12:27 PM 11/27/2003, Thor Lancelot Simon wrote:
>>RC4 is extremely weak for some applications.
>>A block cipher is greatly preferable.
>
>I'm afraid that I can't agree with this howling logical error.
>RC4 is showing its age, but there are other stream ciphers
>that are acceptable, and there are block ciphers
>(such as FEAL, same vintage as RC4) that aren't even vaguely secure.
Well, to be more precise,
RC4 has restrictions on the ways you can use it that
make its crypto strength fail very badly if you violate them,
and because it's an XOR stream cypher there are sometimes
things you can't do with it that you could do with a block cypher.
RC4 does also have the historical problem that people sometimes
decide to use it with 40-bit keys because they can...
OTOH, of course being a block cypher isn't enough to guarantee
either strength or usefulness, e.g. bass-o-matic.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list