Re: Why Micosoft products using RC4 failed

From: David Wagner (
Date: 04/11/03

From: (David Wagner)
Date: Fri, 11 Apr 2003 07:45:39 +0000 (UTC)

Schmenge wrote:
>True that unanalyzed is risky, but I'm not quite sure I'm using it in
>an unanalyzed fashion.

If you did any analysis of your proposal, I missed it....

Remember, "anyone can create an algorithm that he himself
can't break" [Schneier]. The trick is to create a cipher that
noone else can break. That's hard, and it's not something you
can do off the cuff.

>The attacks seem to coincide with starting RC4 with a weak key, or
>using the first couple bytes to gain a wedge, but I'm not doing that.

Common pitfall: Argue that a proposal defeats all the pre-existing
attacks, hence "it must be secure".

That's a strategy that's unjustified. There's nothing to ensure that
an attacker will only follow the standard, pre-existing attacks.
The attacker might adapt his attack strategy according to what enciphering
algorithm you use. If your enciphering algorithm is different from what
anyone ha used before, then there's no reason to think that protection
against the pre-existing attacks means anything.

>I'm trying to carefully use this PRNG strength to PRF and HMAC. This
>is not innovation, is it?

Of course it is.