[Cryptography] RC4 again (actual security, scalability and other discussion)

Bill Cox waywardgeek at gmail.com
Sat Mar 8 22:12:29 EST 2014


On Sat, Mar 8, 2014 at 6:58 PM, James A. Donald <jamesd at echeque.com> wrote:
> On 2014-03-08 20:57, Miroslav Kratochvil wrote:
>>
>>  From all sources I have ever seen I can say that RC4 itself is not
>> broken. I'm usually proving and explaining that fact to everyone quite
>> successfully, but it's always better if you ask someone else about his
>> opinion. That is, as you can now probably see, roughly the whole purpose
>> of this post. If you find any errors in following statements, please
>> report them.

I have been an ARC4-DROP fan for years.  I wrote the "TinyCrypt"
project (on SourceForge) to encrypt files with it years ago when it
was hard to even find a simple file encryption program.  I felt it was
secure enough up until last year when the Royal Holloway attack was
published:

    http://en.wikipedia.org/wiki/RC4#Royal_Holloway_attack

As they say on Wikipedia, it's not a practical attack yet, but it
looks scary.  That combined with rumors that the NSA has broken ARC4
are enough for me to no longer use my own TinyCrypt ARC4 based code.

The Snowden leaks, if I'm not mistaken, seem to imply that AES is
secure, even against the NSA.  It's even simpler to use AES from the
openssl library than to code ARC4.  I've got some not ready for
prime-time code in tigerkdf-enc.c and tigerkdf-dec.c, which show how
to (improperly) use the openssl library:

    https://github.com/waywardgeek/tigerkdf

Another recent use for ARC4 I proposed was using it in a memory-hard
password hashing system to rapidly fill memory.  It's plenty secure
enough for that application, but even with its amazing simplicity,
it's too slow for my purposes there.  It's great for an 8-bit
microcontroller, but with an Intel Core i7-4770, I can use the 8x32
SIMD unit (AVX2) to hash memory amazingly fast (thanks to guidance
from Solar Designer).  ARC4 was amazing for its time and got a bad
rap due to poor implementations, but I think its time has passed.

Hope this helps.

Bill
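The message above refers to ARC4-DROP (discarding the first N keystream bytes) and to the keystream biases behind the Royal Holloway attack. The following is an added example, not code from TinyCrypt, tigerkdf or any other project mentioned here: a plain RC4 keystream generator with a drop-N step, checked against the key/plaintext test vectors from the Wikipedia RC4 article, plus a small experiment that makes one of the biases visible. Mantin and Shamir observed that the second keystream byte is 0 with probability about 1/128 rather than 1/256 for random keys; dropping a few thousand bytes hides that bias, which is the point of the drop convention. It does not address the long-term (Fluhrer-McGrew) biases that AlFardan et al. also used, which persist at every position in the keystream. The key-generator seed, key length and trial count are arbitrary choices for the experiment.

```c
/* Added example (not from TinyCrypt or tigerkdf): RC4 with ARC4-DROP and a
 * reproducible measurement of the Mantin-Shamir second-byte bias.
 * Build: cc -O2 rc4_drop.c -o rc4_drop */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_state;

/* Key-scheduling algorithm: permute S under the key. */
static void rc4_init(rc4_state *st, const uint8_t *key, size_t keylen)
{
    uint8_t j = 0;
    for (int i = 0; i < 256; i++) st->S[i] = (uint8_t)i;
    for (int i = 0; i < 256; i++) {
        j = (uint8_t)(j + st->S[i] + key[i % keylen]);
        uint8_t t = st->S[i]; st->S[i] = st->S[j]; st->S[j] = t;
    }
    st->i = st->j = 0;
}

/* Pseudo-random generation algorithm: one keystream byte per call. */
static uint8_t rc4_next(rc4_state *st)
{
    st->i = (uint8_t)(st->i + 1);
    st->j = (uint8_t)(st->j + st->S[st->i]);
    uint8_t t = st->S[st->i]; st->S[st->i] = st->S[st->j]; st->S[st->j] = t;
    return st->S[(uint8_t)(st->S[st->i] + st->S[st->j])];
}

/* ARC4-DROP(n): throw away the first n keystream bytes after keying. */
static void rc4_drop(rc4_state *st, size_t n)
{
    while (n--) (void)rc4_next(st);
}

/* XOR a buffer with keystream; encryption and decryption are the same call. */
static void rc4_crypt(rc4_state *st, const uint8_t *in, uint8_t *out, size_t len)
{
    for (size_t k = 0; k < len; k++) out[k] = in[k] ^ rc4_next(st);
}

/* Returns 1 if key/plaintext (no drop) produce the expected ciphertext. */
int rc4_check_vector(const char *key, const char *pt, const uint8_t *expect)
{
    rc4_state st;
    uint8_t out[32];
    size_t n = strlen(pt);
    rc4_init(&st, (const uint8_t *)key, strlen(key));
    rc4_crypt(&st, (const uint8_t *)pt, out, n);
    return memcmp(out, expect, n) == 0;
}

/* Deterministic xorshift64 (fixed, arbitrary seed) so the experiment repeats. */
static uint64_t xs = 0x9E3779B97F4A7C15ull;
static uint64_t xorshift64(void)
{
    xs ^= xs << 13; xs ^= xs >> 7; xs ^= xs << 17;
    return xs;
}

/* Count, over `trials` random 16-byte keys, how often the second keystream
 * byte emitted after dropping `drop` bytes equals zero.  With drop = 0 this
 * is the Mantin-Shamir bias (about trials/128); with drop = 3072 it falls
 * to the uniform expectation (about trials/256). */
long rc4_count_second_byte_zero(long trials, size_t drop)
{
    long hits = 0;
    for (long t = 0; t < trials; t++) {
        uint8_t key[16];
        for (int k = 0; k < 16; k += 8) {
            uint64_t r = xorshift64();
            memcpy(key + k, &r, 8);
        }
        rc4_state st;
        rc4_init(&st, key, sizeof key);
        rc4_drop(&st, drop);
        (void)rc4_next(&st);            /* first byte, ignored */
        if (rc4_next(&st) == 0) hits++; /* second byte */
    }
    return hits;
}

int main(void)
{
    /* Test vector from the Wikipedia RC4 article: key "Key", plaintext "Plaintext". */
    static const uint8_t v1[] = {0xBB,0xF3,0x16,0xE8,0xD9,0x40,0xAF,0x0A,0xD3};
    long n = 100000;
    printf("vector Key/Plaintext: %s\n",
           rc4_check_vector("Key", "Plaintext", v1) ? "ok" : "FAIL");
    printf("Z2 == 0, no drop:   %ld of %ld (uniform would be ~%ld)\n",
           rc4_count_second_byte_zero(n, 0), n, n / 256);
    printf("Z2 == 0, drop 3072: %ld of %ld (uniform would be ~%ld)\n",
           rc4_count_second_byte_zero(n, 3072), n, n / 256);
    return 0;
}
```

The no-drop count should land near twice the uniform expectation and the drop-3072 count near it, which is the single-byte bias that drop-N was adopted to hide. The same approach (fix the key generator, count an event over many keys, compare to the uniform rate) is how the long-term biases are measured, and those do not go away with any drop length.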

