[Cryptography] RC4 again (actual security, scalability and other discussion)
exa.exa at gmail.com
Wed Mar 12 05:29:35 EDT 2014
I have been an ARC4-DROP fan for years. I wrote the "TinyCrypt"
> project (on SourceForge) to encrypt files with it years ago when it
> was hard to even find a simple file encryption program. I felt it was
> secure enough up until last year when the Royal Holloway attack was
> As they say on Wikipedia, it's not a practical attack yet, but it
> looks scary. That combined with rumors that the NSA has broken ARC4
> are enough for me to no longer use my own TinyCrypt ARC4 based code.
Great to hear about TinyCrypt :] Mine is called Codecrypt, here
I'm actually not sure if I got the Holloway attack right - from all sides I
seen it it looks just like another statistical attack that can be made
arbitrarily inplausible by increasing the DROP parameter. If I'm wrong,
please correct me.
> The Snowden leaks, if I'm not mistaken, seem to imply that AES is
> secure, even against the NSA. It's even simpler to use AES from the
> openssl library than to code ARC4.
Just opinions --
I kindof dislike OpenSSL development method (it's not really transparent
and organized enough for the most-used crypto library in the world). But
that's my opinion :]
About Snowden... AFAIK, he implied that there is properly implemented
strong cryptography that is reliable. Rumors have already been around that
"strong cryptography" doesn't include RSA-2048...
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the cryptography