Re: RC4 as a PRNG

From: Bill Unruh (unruh_at_string.physics.ubc.ca)
Date: 11/13/04


Date: 13 Nov 2004 18:26:42 GMT

frankgerlach22@gmx.de (Frank Gerlach) writes:

]If I recall correctly, RC4 is used for WLAN encryption (WEP). For very
]long ciphertexts, it exposes a statistical weakness. Wouldn't this
]mean that RC4 is not a good choice as a PRNG ?

For what purpose? The question is whether that statistical weakness can be
used as an attack on the PRNG. That say some byte shows up with .0001% more
frequency than others is in general pretty useless for any purpose, except
saying that that byte shows up more frequently with .0001% more frequency.

Would it be nice to have a super fast scheme without this weakness? Yes.
However, we know that ANY stream cypher has statistical weaknesses. It is a
very very low entropy stream (it is generated by a small key) which is to
say, it has (high order) correlations. Very Very Very strong high order
correlations. Of course finding them and using them is the trick.
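Added example (not part of the thread) of measuring the kind of keystream byte bias the reply refers to: a plain RC4 implementation plus a helper, `zero_counts`, that runs RC4 over constructed random keys and counts how often each early keystream byte is zero. The second output byte is zero roughly twice as often as the 1/256 an unbiased generator would give (the published Mantin-Shamir bias), which is exactly the sort of frequency skew the post is discussing.

```python
import random


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return the first n keystream bytes of RC4 for the given key (KSA + PRGA)."""
    # Key-scheduling algorithm: permute S under control of the key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm: emit keystream bytes.
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def zero_counts(num_keys: int, positions: int = 4, seed: int = 0) -> list[int]:
    """Count how often each of the first `positions` keystream bytes is 0x00
    across num_keys keys. Keys are constructed sample keys (16 random bytes
    each) from a seeded generator, so the result is reproducible. An unbiased
    generator would give every count close to num_keys / 256; RC4's second
    byte (index 1) is 0x00 about twice that often."""
    rng = random.Random(seed)
    counts = [0] * positions
    for _ in range(num_keys):
        key = bytes(rng.randrange(256) for _ in range(16))
        for pos, b in enumerate(rc4_keystream(key, positions)):
            if b == 0:
                counts[pos] += 1
    return counts


if __name__ == "__main__":
    n = 30000
    counts = zero_counts(n)
    print(f"expected per position if unbiased: {n / 256:.1f}")
    for pos, c in enumerate(counts):
        print(f"byte {pos}: P(0x00) = {c / n:.5f}  ({c} of {n})")
```

The bias only shows up as a small shift in aggregate frequencies over many keys, which is why a single stream looks fine to a casual statistical test; detecting it requires knowing where to look.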