Fast MAC algorithms?

james hughes hughejp at mac.com
Sun Jul 26 20:47:53 EDT 2009


On Jul 27, 2009, at 4:50 AM, James A. Donald wrote:

> From: "Nicolas Williams" <Nicolas.Williams at sun.com>
>>> For example, many people use arcfour in SSHv2 over AES because
>>> arcfour is faster than AES.
>
> Joseph Ashwood wrote:
>> I would argue that they use it because they are stupid. ARCFOUR  
>> should have been retired well over a decade ago, it is weak, it  
>> meets no reasonable security requirements,
>
> No one can break arcfour used correctly - unfortunately, it is  
> tricky to use it correctly.

RC-4 is broken when used as intended. The output has a statistical  
bias and can be distinguished.
	http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/FluhrerMcgrew.pdf
and there is exceptional bias in the second byte
	http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/bc_rc4.ps
The latter is the basis for breaking WEP
	http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/wep_attack.ps
These are not attacks on a reduced algorithm; they are on the full  
algorithm.

If you take these into consideration, can it be used "correctly"? I  
guess tossing the first few words gets rid of the exceptional bias,  
and maybe change the key often to get rid of the statistical bias? Is  
this what you mean by used "correctly"?

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
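The second-byte bias the post refers to (Mantin and Shamir: the second keystream byte is 0 with probability about 2/256 rather than 1/256) is easy to confirm empirically, and the same measurement shows what "tossing the first few words" does to it. The following is an added example written for this page, not code from the thread; the key length (16 bytes), drop length (256) and trial count are assumptions chosen for a quick run.

```python
import random

N = 256

def rc4_keystream(key: bytes, nbytes: int) -> bytes:
    """Return nbytes of RC4 keystream for key (KSA followed by PRGA)."""
    s = list(range(N))
    j = 0
    klen = len(key)
    for i in range(N):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % klen]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray(nbytes)
    i = j = 0
    for n in range(nbytes):                  # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out[n] = s[(s[i] + s[j]) & 0xFF]
    return bytes(out)

def second_byte_zero_rate(trials: int = 20000, drop: int = 256, seed: int = 1):
    """Fraction of random keys whose second keystream byte is 0, measured on
    the raw stream and again on the stream left after discarding `drop` bytes.
    A uniform generator would give about 1/256 = 0.0039 in both cases."""
    rng = random.Random(seed)                # fixed seed: constructed, reproducible sample
    raw_hits = dropped_hits = 0
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(16))   # random 128-bit key
        z = rc4_keystream(key, drop + 2)
        raw_hits += z[1] == 0                # Z_2 of the raw stream
        dropped_hits += z[drop + 1] == 0     # Z_2 of the stream after the drop
    return raw_hits / trials, dropped_hits / trials

if __name__ == "__main__":
    raw, dropped = second_byte_zero_rate()
    print(f"P[Z_2 = 0], raw stream:          {raw:.4f} "
          f"(uniform {1/N:.4f}, Mantin-Shamir {2/N:.4f})")
    print(f"P[Z_2 = 0], after dropping 256:  {dropped:.4f}")
```

Discarding the initial bytes removes this particular bias, but not the long-term digraph biases from the first paper cited above, which persist throughout the stream; a check like this shows that one known defect is gone, not that the cipher has become safe.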