Is AES better than RC4
Joseph Ashwood
ashwood at msn.com
Thu May 25 06:15:38 EDT 2006
----- Original Message -----
From: "Ed Gerck" <edgerck at nma.com>
Subject: [!! SPAM] Re: Is AES better than RC4
> Please note that my email was way different in scope. My opening
> sentence, where I basically said that it does not make much sense
> to compare RC4 with AES, was cut in your quote -- but here it is:
>
> "AES has more uses and use modes than RC4, in addition to the fact that
> it encrypts more than one byte at once. Having said that, it is curious
> to note the following misconceptions:"
Yes I did snip that out. I figured everything we agreed on could be left out
easily enough. I apologize for removing something you considered core to
your view.
> BTW, discarding the first 100's of bytes in RC4 is easy, fast, and
> has nothing to with lack of "key agility". And, if you do it, you don't
> even have to hash the key (ie, you must EITHER hash the key OR discard the
> first bytes).
>From my view it does. Every extra clock cycle has an impact on key agility,
even 1 byte of RC4 discards slows the rekeying process, and as a result it
does affect the effective key agility. That only 256 discards are necessary
does not mean that those extra 256*(clock cycles per pull) clock cycles
don't affect key agility. At what point do we say "This affects key agility"
when it increases the time by 1%? 10%? 100%? If we don't consider every
cycle to reduce key agility it's all just a matter of scale. This does mean
that different implementations will have different key agilities, but if you
look hostorically RC2 makes a great example of where the attacker has
substantially more key agility than the legitimate user, so it is not
without precedent.
Joe
Joe
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list