Re: Stream cipher against block cipher

From: AE (nospam_at_hidden.com)
Date: 07/07/03


Date: Mon, 07 Jul 2003 16:10:41 +0200

The problem is that just placing the IV at the beginning of the stream
and not doing anything else - like when using a block cipher in CBC or
CFB mode - is completely useless and doesn't change the remaining
keystream at all.

Since there is no feedback with plain- or ciphertext there is no other
way to get different keystreams than to change the key itself :-(

Skipping a variable number of bytes at the beginning is useless, so
there's no way to re-use a key in a way that would give me a good feeling:

Even if the problem of the weak key-scheduling of RC4 can be solved by
dropping a number of bytes this doesn't change the fact that
key-material is exposed and RC4 was never designed to defeat attacks on
the key-scheduling.

From my point of view one should either find a way to exchange the whole
key in a secure way every time a new message is encrypted or use a block
cipher in CTR or OFB mode.

Mrsjunecarey wrote:
> The context of this thread is the method suggested by Doug Gwyn of transmitting
> the IV in the clear before the ciphertext.
>
> That is the method I'm referring to, and you can use it with RC4. But as you
> rightly mention, there are security problems associated with that technique.
>
>
>>There's indeed no way just to add an IV to RC4. Using a nonce means
>>changing the key and - since the nonce has to be transmitted in clear -
>>exposing part of the key-material to an attacker, which allows her to
>>mount key-scheduling attacks.
>>
>>AE
>
>
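The three claims above (a clear-text IV in front of an RC4 stream changes nothing, dropping a variable prefix only shifts the same keystream, and feeding the IV into the key as WEP does changes the keystream at the price of publishing part of the key input) can be checked directly. The following is an added example, not code from any poster in this thread; the key, IVs and plaintexts are constructed, and the SHA-256 derivation at the end is an assumed contrast case, not something the post proposes. RC4 is obsolete (RFC 7465 prohibits it in TLS), so this is an illustration, not a design to copy.

```python
"""Added example: IV handling and RC4 keystream reuse (constructed data)."""
import hashlib

KEY = b"longtermkey"                          # constructed long-term key
IV1, IV2 = b"\x01\x02\x03", b"\x04\x05\x06"   # constructed 3-byte IVs (WEP-sized)
P1 = b"attack at dawn!!"                      # constructed equal-length plaintexts
P2 = b"retreat at dusk!"


def rc4_keystream(key: bytes, length: int, drop: int = 0) -> bytes:
    """Plain RC4: KSA, then PRGA, discarding the first `drop` output bytes."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(drop + length):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out[drop:])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_iv_prepended(key: bytes, iv: bytes, pt: bytes) -> bytes:
    """IV sent in clear, key unchanged: the IV never enters RC4 at all."""
    return iv + xor(rc4_keystream(key, len(pt)), pt)


def encrypt_wep_style(key: bytes, iv: bytes, pt: bytes) -> bytes:
    """IV concatenated into the key (as WEP does): the keystream changes, but
    the attacker now knows the first len(iv) bytes of the RC4 key input."""
    return iv + xor(rc4_keystream(iv + key, len(pt)), pt)


def encrypt_derived_key(key: bytes, nonce: bytes, pt: bytes) -> bytes:
    """Assumed contrast case: per-message key = SHA-256(key || nonce). The
    nonce is public, but no byte of the RC4 key input is."""
    k = hashlib.sha256(key + nonce).digest()
    return nonce + xor(rc4_keystream(k, len(pt)), pt)


def ciphertext_xor(c1: bytes, c2: bytes, iv_len: int) -> bytes:
    """Two-time-pad check: if both keystreams coincide, C1 xor C2 == P1 xor P2."""
    return xor(c1[iv_len:], c2[iv_len:])


def iv_prepended_recovers_p2() -> bytes:
    """Same key, different clear IVs: knowing P1 hands the attacker P2."""
    c1 = encrypt_iv_prepended(KEY, IV1, P1)
    c2 = encrypt_iv_prepended(KEY, IV2, P2)
    return xor(ciphertext_xor(c1, c2, len(IV1)), P1)


def wep_style_keystreams_differ() -> bool:
    c1 = encrypt_wep_style(KEY, IV1, P1)
    c2 = encrypt_wep_style(KEY, IV2, P2)
    return ciphertext_xor(c1, c2, len(IV1)) != xor(P1, P2)


def derived_key_keystreams_differ() -> bool:
    c1 = encrypt_derived_key(KEY, IV1, P1)
    c2 = encrypt_derived_key(KEY, IV2, P2)
    return ciphertext_xor(c1, c2, len(IV1)) != xor(P1, P2)


def drop_prefix_still_overlaps(drop_a: int, drop_b: int, n: int) -> bool:
    """Skipping a different number of bytes per message only shifts one and
    the same keystream: stream B is a copy of stream A offset by the difference."""
    assert drop_b >= drop_a
    ks_a = rc4_keystream(KEY, n, drop=drop_a)
    ks_b = rc4_keystream(KEY, n, drop=drop_b)
    shift = drop_b - drop_a
    return ks_a[shift:] == ks_b[:n - shift]


if __name__ == "__main__":
    print("P2 recovered from clear-IV scheme:", iv_prepended_recovers_p2() == P2)
    print("drop 0 vs drop 5 overlap:", drop_prefix_still_overlaps(0, 5, 32))
    print("WEP-style keystreams differ:", wep_style_keystreams_differ())
```

The WEP-style variant is exactly the "nonce becomes part of the key" construction discussed above: the keystreams do differ, but every message tells the attacker the first three bytes of the RC4 key input, which is the precondition for key-scheduling attacks on RC4.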
