Re: Why Microsoft products using RC4 failed

From: David Wagner
Date: Fri, 11 Apr 2003 07:45:39 +0000 (UTC)

Schmenge wrote:
>True that unanalyzed is risky, but I'm not quite sure I'm using it in
>an unanalyzed fashion.

If you did any analysis of your proposal, I missed it....

Remember, "anyone can create an algorithm that he himself
can't break" [Schneier]. The trick is to create a cipher that
no one else can break. That's hard, and it's not something you
can do off the cuff.

>The attacks seem to coincide with starting RC4 with a weak key, or
>using the first couple bytes to gain a wedge, but I'm not doing that.

Common pitfall: Argue that a proposal defeats all the pre-existing
attacks, hence "it must be secure".

That's a strategy that's unjustified. There's nothing to ensure that
an attacker will only follow the standard, pre-existing attacks.
The attacker might adapt his attack strategy according to what enciphering
algorithm you use. If your enciphering algorithm is different from what
anyone has used before, then there's no reason to think that protection
against the pre-existing attacks means anything.

>I'm trying to carefully use this PRNG strength to PRF and HMAC. This
>is not innovation, is it?

Of course it is.
