[Cryptography] RC4 again (actual security, scalability and other discussion)

Watson Ladd watsonbladd at gmail.com
Sat Mar 8 19:39:20 EST 2014


On Sat, Mar 8, 2014 at 3:58 PM, James A. Donald <jamesd at echeque.com> wrote:
> On 2014-03-08 20:57, Miroslav Kratochvil wrote:
>>
>> From all sources I have ever seen I can say that RC4 itself is not
>> broken. I'm usually proving and explaining that fact to everyone quite
>> successfully, but it's always better if you ask someone else about his
>> opinion. That is, as you can now probably see, roughly the whole purpose
>> of this post. If you find any errors in the following statements, please
>> report them.
>
>
> Arc4 is not broken.  It has known weaknesses, and must be used correctly in
> the light of these known weaknesses.  It frequently is not used correctly.

Sorry, the bytes out of RC4 are not IID. This means an RC4 encrypted
plaintext reveals information to an attacker. This has been known
since 2000 when Fluhrer and McGrew published on this subject.

Sincerely,
Watson Ladd

>
>
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography



-- 
"Those who would give up Essential Liberty to purchase a little
Temporary Safety deserve neither  Liberty nor Safety."
-- Benjamin Franklin
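The "not IID" point above can be checked directly. The following Python script is an added example, not part of this thread or of any list member's code: it implements RC4 (key scheduling and output generation) and measures, over many random keys, how often the second keystream byte is zero. An IID keystream would give about 1/256; RC4 gives about 2/256. This is the second-byte bias described by Mantin and Shamir in 2001, a later and simpler-to-show result than the Fluhrer and McGrew statistics cited above, but it illustrates the same failure. Key length, number of keys and the seeded RNG are assumptions chosen for the demonstration, and a uniform byte source is measured alongside as a control.

```python
import random


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n keystream bytes of RC4 for `key` (KSA followed by PRGA)."""
    S = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):                      # key-scheduling algorithm
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):                        # pseudo-random generation algorithm
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def second_byte_zero_rate(n_keys: int, key_len: int = 16, seed: int = 1) -> dict:
    """Measure how often the second RC4 keystream byte is 0 over n_keys random keys.

    key_len, n_keys and the seed are assumptions for the demonstration (seeded so
    the measurement is reproducible). For an IID source the rate would be about
    1/256; RC4's second byte is 0 about twice as often.
    """
    rng = random.Random(seed)
    zeros = 0
    for _ in range(n_keys):
        key = bytes(rng.randrange(256) for _ in range(key_len))
        if rc4_keystream(key, 2)[1] == 0:
            zeros += 1
    return {
        "keys": n_keys,
        "zeros": zeros,
        "observed": zeros / n_keys,
        "uniform": 1 / 256,
    }


def control_zero_rate(n_trials: int, seed: int = 1) -> float:
    """Same statistic for a seeded uniform byte source; stays near 1/256."""
    rng = random.Random(seed)
    return sum(1 for _ in range(n_trials) if rng.randrange(256) == 0) / n_trials


if __name__ == "__main__":
    r = second_byte_zero_rate(12000)
    print(f"RC4 second byte == 0: {r['zeros']}/{r['keys']} "
          f"= {r['observed']:.5f} (uniform would be {r['uniform']:.5f})")
    print(f"control uniform source: {control_zero_rate(12000):.5f}")
```

Because a stream cipher XORs the keystream onto the plaintext, any bias in keystream byte k is a bias in ciphertext byte k, which is exactly how RC4 "reveals information" when the same data is encrypted under many keys. Discarding the start of the keystream removes this particular bias but not the longer-range ones Fluhrer and McGrew measured; the practical mitigation is to stop using RC4.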

