AES, RC4

Joseph Ashwood ashwood at msn.com
Sun Aug 2 00:18:13 EDT 2009


-------------------------------------------------
From: "PETER SCHWEITZER" <peter at infosecsys.com>
Subject: AES, RC4

> Referring to your note of August 1: I haven't found anything about 
> breaking RC4 if used with a newly randomly generated key (unrelated to 
> any others) for every communication session. I would appreciate being 
> enlightened!

If a completely unrelated new key is used, and the key has sufficient 
entropy, and it isn't used for too long, and the entropy of the key is 
fairly smoothly distributed, and the first several bytes are discarded, and 
I'm probably missing a couple of requirements, then RC4 is reasonably 
secure. On the other hand, using AES-128 in CTR mode, the key requires 
sufficient entropy. That is the difference; in particular, attempting to make 
sure that the RC4 keys are truly unrelated is continually difficult.

> Is your partly negative recommendation for AES' "...for most new protocol 
> purposes" to do with the recent related-key attack? Which I would 
> certainly agree is very disquieting, even though, as you say, it has no 
> current negative consequences.

The last few weeks have not been kind to AES-256: a couple of new attacks, the 
related key on the full structure, and the more recent significant erosion 
in other areas. Like I said, not enough to force an immediate retirement; 
AES-256 remains functionally secure, but the argument for using it is getting 
more difficult, as AES-256 seems to be no more secure than AES-128, and is 
slower.
                    Joe 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com