[Cryptography] RC4 again (actual security, scalability and other discussion)
Miroslav Kratochvil
exa.exa at gmail.com
Wed Mar 12 05:29:35 EDT 2014
I have been an ARC4-DROP fan for years. I wrote the "TinyCrypt"
> project (on SourceForge) to encrypt files with it years ago when it
> was hard to even find a simple file encryption program. I felt it was
> secure enough up until last year when the Royal Holloway attack was
> published:
>
> http://en.wikipedia.org/wiki/RC4#Royal_Holloway_attack
>
> As they say on Wikipedia, it's not a practical attack yet, but it
> looks scary. That combined with rumors that the NSA has broken ARC4
> are enough for me to no longer use my own TinyCrypt ARC4 based code.
>
>
Great to hear about TinyCrypt :] Mine is called Codecrypt, here
https://github.com/exaexa/codecrypt
I'm actually not sure if I got the Holloway attack right - from all sides I
seen it it looks just like another statistical attack that can be made
arbitrarily inplausible by increasing the DROP parameter. If I'm wrong,
please correct me.
> The Snowden leaks, if I'm not mistaken, seem to imply that AES is
> secure, even against the NSA. It's even simpler to use AES from the
> openssl library than to code ARC4.
>
Just opinions --
I kindof dislike OpenSSL development method (it's not really transparent
and organized enough for the most-used crypto library in the world). But
that's my opinion :]
About Snowden... AFAIK, he implied that there is properly implemented
strong cryptography that is reliable. Rumors have already been around that
"strong cryptography" doesn't include RSA-2048...
Regards,
-mk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140312/f3f49ede/attachment.html>
More information about the cryptography
mailing list