Re: What's the bottom line on RC4??
From: David Wagner (daw@mozart.cs.berkeley.edu)
Date: 02/09/03
From: daw@mozart.cs.berkeley.edu (David Wagner) Date: Sun, 9 Feb 2003 17:34:05 +0000 (UTC)

Yama wrote:
>But I wasn't advocating using a nonce without dropping bytes so I feel
>the recommendation to use a nonce is sound in the way I stated, which
>was to use them with a master key to create a session key for a
>particular data set or period of time.

I agree that the Fluhrer-Mantin-Shamir attack doesn't apply if you drop
the first few bytes of output, but after seeing the FMS attack (and other
related-key attacks on RC4), I believe it would be most unwise to put
any faith in the RC4 key schedule. In particular, I believe it would
be imprudent to generate RC4 session keys by concatenating a master key
and a nonce (as you suggested) -- no matter how many bytes of keystream
you drop, this still seems risky.