Re: RC4 on AMD64
From: Joe Peschel (jpeschel_at_no.spam.org)
Date: Mon, 08 Nov 2004 23:32:03 -0000
Guy Macon <http://www.guymacon.com> wrote in
> Joe Peschel wrote:
>>No, we weren't. You said, "I haven't seen anyone demonstrate
>>the ability to decrypt RC4-encrypted ciphertexts." I told you
>>how to do it.
> Then AES is insecure. Try sending your key in the clear along with
> your ciphertext. There. I just demonstrated the ability to decrypt
> AES-encrypted ciphertexts.
I haven't said RC4 was not secure. And you haven't demonstrated anything
other than you don't understand this attack on RC4. Encrypting a message
twice under the same RC4 key is not the same as sending the key with the
> Now let's leave this imaginary world where RC4 keys are reused
Reusing an RC4 key happens in the real world.
> and AES keys are sent with the ciphertext, and talk about what
> happens in the real world. You say that RC4 is insecure and
> that you can demonstrate the ability to decrypt RC4-encrypted
> ciphertexts? Show us by decrypting a SSL session that uses
> 128-bit RC4.
What do mean "us"?
I can't decrypt an SSL session that uses 128-bit RC4. Never said I could. I
did show you how to decrypt some documents encrypted by RC4. At least, now
you understand why your original challenge was poorly thought out.
-- __________________________________________ When will Bush be tried for war crimes? "Our enemies are innovative and resourceful, and so are we. They never stop thinking about new ways to harm our country and our people, and neither do we." --G. W. B. Joe Peschel D.O.E. SysWorks http://members.aol.com/jpeschel/index.htm __________________________________________