Re: RC4 on AMD64

From: Joe Peschel (jpeschel_at_no.spam.org)
Date: 11/09/04

• Next message: Mok-Kong Shen: "Re: RC4 on AMD64"
• Previous message: Sundar: "How to create PEM file from hex keys"
• In reply to: Guy Macon: "Re: RC4 on AMD64"
• Next in thread: Bill Unruh: "Re: RC4 on AMD64"
• Reply: Bill Unruh: "Re: RC4 on AMD64"
• Reply: Guy Macon: "Re: RC4 on AMD64"
• Reply: Giorgio Tani: "Re: RC4 on AMD64"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Mon, 08 Nov 2004 23:32:03 -0000

Guy Macon <http://www.guymacon.com> wrote in
news:10ovm8ktkqhu701@corp.supernews.com:

>
> Joe Peschel wrote:
>
>>No, we weren't. You said, "I haven't seen anyone demonstrate
>>the ability to decrypt RC4-encrypted ciphertexts." I told you
>>how to do it.
>
> Then AES is insecure. Try sending your key in the clear along with
> your ciphertext. There. I just demonstrated the ability to decrypt
> AES-encrypted ciphertexts.

I haven't said RC4 was not secure. And you haven't demonstrated anything
other than you don't understand this attack on RC4. Encrypting a message
twice under the same RC4 key is not the same as sending the key with the
ciphertext.

>
> Now let's leave this imaginary world where RC4 keys are reused

Reusing an RC4 key happens in the real world.

> and AES keys are sent with the ciphertext, and talk about what
> happens in the real world. You say that RC4 is insecure and
> that you can demonstrate the ability to decrypt RC4-encrypted
> ciphertexts? Show us by decrypting a SSL session that uses
> 128-bit RC4.

What do mean "us"?

I can't decrypt an SSL session that uses 128-bit RC4. Never said I could. I
did show you how to decrypt some documents encrypted by RC4. At least, now
you understand why your original challenge was poorly thought out.

J

-- 
__________________________________________
When will Bush be tried for war crimes?
"Our enemies are innovative and resourceful, and so are we.  They 
never stop thinking about new ways to harm our country and our 
people, and neither do we." --G. W. B.
Joe Peschel 
D.O.E. SysWorks                                 
http://members.aol.com/jpeschel/index.htm
__________________________________________

---

• Next message: Mok-Kong Shen: "Re: RC4 on AMD64"
• Previous message: Sundar: "How to create PEM file from hex keys"
• In reply to: Guy Macon: "Re: RC4 on AMD64"
• Next in thread: Bill Unruh: "Re: RC4 on AMD64"
• Reply: Bill Unruh: "Re: RC4 on AMD64"
• Reply: Guy Macon: "Re: RC4 on AMD64"
• Reply: Giorgio Tani: "Re: RC4 on AMD64"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: RC4 on AMD64 ... >> Then AES is insecure. ... >> your ciphertext. ... >I haven't said RC4 was not secure. ... >other than you don't understand this attack on RC4. ... (sci.crypt) Re: RC4 on AMD64 ... Joe Peschel writes: ... ]>>the ability to decrypt RC4-encrypted ciphertexts." ... I just demonstrated the ability to decrypt ... ]other than you don't understand this attack on RC4. ... (sci.crypt) Re: Designing a secure message format ... which would be used to decrypt a message header, ... additional information needed to decrypt the body of the message. ... RC4 is very easy to program, ... Given that you will have 3DES and/or AES available, ... (sci.crypt) RC4 Drop ... I found a thread archived on Google regarding RC4 byte dropping vs key ... wouldn't decrypt. ... I duplicated the encryption/decryption loop. ... In the second copy I run it as normal (reading PT/CT and producing output). ... (sci.crypt) Re: In 802.11 WEP, why is the IV transmitted plaintext? ... >> Because otherwise the receiver would not be able to decrypt. ... >Why couldn't the IV could be encrypted in ECB mode? ... With RC4? ... (sci.crypt)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > sci.crypt  > 2004-11