Fast MAC algorithms?
Joseph Ashwood
ashwood at msn.com
Sat Aug 1 08:33:23 EDT 2009
--------------------------------------------------
From: "James A. Donald" <jamesd at echeque.com>
Subject: Re: Fast MAC algorithms?
> james hughes wrote:
>>
>> On Jul 27, 2009, at 4:50 AM, James A. Donald wrote:
>>> No one can break arcfour used correctly - unfortunately, it is tricky to
>>> use it correctly.
>>
>> RC-4 is broken when used as intended.
...
>> If you take these into consideration, can it be used "correctly"?
>
> Hence "tricky"

By the same argument a Vigenère cipher is "tricky" to use securely, same
with monoalphabetic and even Caesar. Not that RC4 is anywhere near the
brokenness of Vigenère, etc., but the same argument can be applied, so the
argument is flawed.

The question is: What level of heroic effort is acceptable before a cipher
is considered broken? Is AES-256 still secure? 3-DES? Right now, to me
AES-256 seems to be about the line, it doesn't take significant effort to
use it securely, and the impact on the security of modern protocols is
effectively zero, so it doesn't need to be retired, but I wouldn't recommend
it for most new protocol purposes. RC4 takes excessive heroic efforts to
avoid the problems, and even teams with highly skilled members have gotten
it horribly wrong. Generally, using RC4 is foolish at best.
Joe
---------------------------------------------------------------------
The Cryptography Mailing List