[Cryptography] RC4 again (actual security, scalability and other discussion)

Miroslav Kratochvil exa.exa at gmail.com
Wed Mar 12 06:04:43 EDT 2014


> The double-byte biases, on the other hand, are killers.  They're present
> in the long-term state of the algorithm, and while small, are demonstrably
> sufficient to actually break encrypted text with a reasonable amount of
> input. [.....]
>
> That's convinced me personally.  RIP RC4.
>

This is a good argument. It's not effective in my case (I was "reasonable"
with the setup and I don't throw many key&plaintext ciphertexts all around
for the statistical attacks to be effective) but it is indeed a serious
vulnerability not fixed by adding more of the DROP parameter.

Thanks for pointing this out.
-mk