[Cryptography] RC4 again (actual security, scalability and other discussion)

Miroslav Kratochvil exa.exa at gmail.com
Wed Mar 12 06:04:43 EDT 2014

> The double-byte biases, on the other hand, are killers.  They're present
> in the long-term state of the algorithm, and while small, are demonstrably
> sufficient to actually break encrypted text with a reasonable amount of
> input. [.....]
> That's convinced me personally.  RIP RC4.

This is a good argument. It's not effective in my case (I was "reasonable"
with the setup and I don't throw many key&plaintext ciphertexts all around
for the statistical attacks to be effective) but it is indeed a serious
vulnerability not fixed by adding more of DROP parameter.

Thanks for pointing this out.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20140312/589a197f/attachment.html>

More information about the cryptography mailing list