Re: Another Dumb Idea for Debunking...
Bill Cox wrote:

> You said RC4 could be used securely if you are careful. Can you
> elaborate, since I'm going to try to use it in TinyCrypt?

As I understand it:

- RC4 is a "stream cipher". With stream ciphers, you must never use the
same key more than once. Otherwise, you open yourself to a
devastatingly effective & simple "known plaintext" attack. One way to
avoid this problem is to use an initialization vector or IV. Google
"stream cipher" or "Initialization vector" for more information.

- RC4 internally produces a sequence of pseudorandom numbers to perform
the encryption. The first few of those numbers sometimes exhibit
unhealthy correlations with the input key value. So, it is often
suggested to discard the first 256(?) pseudorandom numbers produced by
the cipher. You have to *reprogram it accordingly*. Obviously, the
receiver & transmitter must both agree on this change. It's no good if
one of them uses that change but the other one doesn't.

- RC4 exhibits other statistical biases if you use it to encrypt more
than 50 billion squintillion gazillion quadrillion bytes of information.
This will allow an attacker to - uh - your guess is as good as mine!
But the experts here are very definite that this is a problem. You
should easily find discussions of this by googling for RC4 in this
newsgroup.


"Cryptanalysis relies on exploiting redundancies in the plaintext;

Personally, I would have thought that was wrong. Modern ciphers do not
show any statistical anomalies in the ciphertext, so there are no
redundancies to exploit. Yes folks? No?


HTH,
TC (MVP MSAccess)
http://tc2.atspace.com
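
As an added worked example (not part of TC's post, not code from TinyCrypt), the toy RC4 below shows the two operational points made above: encrypting two messages under the same keystream leaks their XOR, so one known plaintext hands you the other; and RC4-drop[n] only works if sender and receiver skip the same number of keystream bytes. To get a fresh keystream per message it derives a per-message key as SHA-256(key || nonce); that construction, the 3072-byte drop, and all key/nonce/plaintext values are this example's own choices, not anything the post prescribes (the post's figure is 256). Simply concatenating a public IV onto the key, as WEP did, is not what is meant by "use an IV" here.

```python
# Added example (not from the original post or from TinyCrypt): a toy RC4
# in Python to demonstrate keystream reuse and RC4-drop[n].
# All keys, nonces and plaintexts below are constructed sample values.
import hashlib


def rc4_keystream(key: bytes, drop: int = 0):
    """Yield RC4 keystream bytes for `key`, discarding the first `drop`
    bytes (RC4-drop[n]). Both ends must agree on `drop` or decryption
    produces garbage."""
    # Key-scheduling algorithm (KSA): permute S under the key.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA).
    i = j = 0
    produced = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        produced += 1
        if produced > drop:
            yield S[(S[i] + S[j]) & 0xFF]


def rc4_crypt(key: bytes, data: bytes, drop: int = 0) -> bytes:
    """Encrypt or decrypt: XOR with the keystream is its own inverse."""
    ks = rc4_keystream(key, drop)
    return bytes(b ^ next(ks) for b in data)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def recover_from_reuse(c1: bytes, c2: bytes, known_p1: bytes) -> bytes:
    """Two ciphertexts under the same keystream: c1 ^ c2 == p1 ^ p2, so a
    known p1 yields p2 directly. This is the known-plaintext attack that
    key reuse with a stream cipher opens up."""
    return xor_bytes(xor_bytes(c1, c2), known_p1)


def message_key(long_term_key: bytes, nonce: bytes) -> bytes:
    """Per-message key so the keystream is never reused (assumption: this
    hash-based derivation is the example's choice, not the post's)."""
    return hashlib.sha256(long_term_key + nonce).digest()


# Assumption: 3072 is a commonly cited drop count; the post mentions 256.
DROP = 3072


def encrypt_message(long_term_key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    return rc4_crypt(message_key(long_term_key, nonce), plaintext, DROP)


def decrypt_message(long_term_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    return rc4_crypt(message_key(long_term_key, nonce), ciphertext, DROP)


def drop_mismatch_breaks_decryption(key: bytes, plaintext: bytes) -> bool:
    """Sender drops 256 bytes, receiver drops none: output is not plaintext."""
    ct = rc4_crypt(key, plaintext, drop=256)
    return rc4_crypt(key, ct, drop=0) != plaintext


if __name__ == "__main__":
    # Keystream reuse: same raw key for two messages (constructed values).
    p1, p2 = b"attack at dawn", b"retreat at dusk"
    c1, c2 = rc4_crypt(b"k", p1), rc4_crypt(b"k", p2)
    print("recovered:", recover_from_reuse(c1, c2, p1))
    # Fresh nonce per message: same plaintext, different ciphertext.
    key, n1, n2 = b"\x01" * 16, b"\x00" * 12, b"\x01" + b"\x00" * 11
    print(encrypt_message(key, n1, p1).hex(), encrypt_message(key, n2, p1).hex())
    print("drop mismatch breaks decryption:", drop_mismatch_breaks_decryption(b"k", p1))
```

The standard RC4 test vectors (key "Key" / plaintext "Plaintext" gives BBF316E8D940AF0AD3) check that the toy implementation is really RC4 before drawing conclusions from it; the nonce must still never repeat under one long-term key, which is the same rule as for the raw key.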