Re: Another Dumb Idea for Debunking...

TC wrote:
- RC4 is a "stream cipher". With stream ciphers, you must never use the
same key more than once. Otherwise, you open yourself to a
devastatingly effective & simple "known plaintext" attack. One way to
avoid this problem is to use an initialization vector or IV. Google
"stream cipher" or "Initialization vector" for more information.

Done. I use a random 256-byte key for the first encryption, making
each encrypted output file unique.

- RC4 internally produces a sequence of pseudorandom numbers to perform
the encryption. The first few of those numbers sometimes exhibit
unhealthy correlations with the input key value. So, it is often
suggested to discard the first 256(?) pseudorandom numbers produced by
the cipher. You have to *reprogram it accordingly*. Obviously, the
receiver & transmitter must both agree on this change. It's no good if
one of them uses that change but the other one doesn't.

Done. I now throw away the first 256 bytes (both times).

I also tested that without my hack to the RC4 method, I get the same
result as RC4. Personally, I don't see any down-side to adding the
plaintext into the scrambling of the key. Seems to me, it can only be
good. What do you think?

Also, it sounds like just these simple steps are needed to make RC4
good enough for real use, without replacing the key very often. Do I
need to run it twice like this? There's not much down-side, since I'm
pretty sure it's still faster than the lzo compression.

Thanks -- Bill
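The two points in TC's list (never reuse a stream-cipher key, and discard the start of the RC4 keystream on both ends) can be checked directly. The following is an added example written for this page; it is not Bill's code, nor the RC4 variant he describes. It implements plain RC4 with an optional drop count (RC4-drop[n]), shows that two messages encrypted under the same keystream leak each other through a known plaintext, shows that a drop count agreed on only one side breaks decryption, and shows one way to get a fresh key per message. The per-message key derivation (SHA-256 over a long-term key and a nonce) is this example's own construction, not something from the thread; the sample messages are constructed.

```python
import hashlib


def rc4_keystream(key: bytes, drop: int = 0):
    """Yield the RC4 keystream for `key`, discarding the first `drop` bytes.

    drop=0 is textbook RC4; drop=256 is the RC4-drop[n] practice TC recommends.
    """
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    # Key-scheduling algorithm (KSA): permute S under the key
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA): walk the permutation
    i = j = 0
    produced = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out = S[(S[i] + S[j]) & 0xFF]
        if produced >= drop:          # skip the early, key-correlated bytes
            yield out
        produced += 1


def rc4_crypt(key: bytes, data: bytes, drop: int = 0) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, rc4_keystream(key, drop)))


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def recover_with_known_plaintext(c1: bytes, p1: bytes, c2: bytes) -> bytes:
    """Under one shared keystream c1 ^ c2 == p1 ^ p2, so knowing p1 gives p2.

    This is the 'devastatingly effective & simple' attack TC refers to; it is
    what a defender is guarding against by never reusing a key.
    """
    return xor_bytes(xor_bytes(c1, c2), p1)


def per_message_key(long_term_key: bytes, nonce: bytes) -> bytes:
    """Derive a fresh RC4 key per message (example construction, not from the thread).

    Hashing key||nonce avoids feeding the raw key into RC4 and gives each
    message its own keystream as long as the nonce is never repeated.
    """
    return hashlib.sha256(long_term_key + nonce).digest()


def demo() -> dict:
    """Run the three checks on constructed sample data and return the results."""
    key = b"shared secret key"                     # constructed sample key
    p1 = b"Transfer 100 units to account A"        # constructed sample messages
    p2 = b"Transfer 900 units to account B"        # same length as p1

    # 1. Round trip with drop=256 on both sides works.
    c1 = rc4_crypt(key, p1, drop=256)
    round_trip = rc4_crypt(key, c1, drop=256)

    # 2. Same key, same drop, second message: known p1 recovers p2 entirely.
    c2 = rc4_crypt(key, p2, drop=256)
    leaked_p2 = recover_with_known_plaintext(c1, p1, c2)

    # 3. Drop agreed on only one side: decryption yields garbage.
    mismatched = rc4_crypt(key, c1, drop=0)

    # 4. Fresh per-message keys: the same known-plaintext step no longer works.
    k1 = per_message_key(key, b"nonce-0001")       # constructed nonces
    k2 = per_message_key(key, b"nonce-0002")
    d1 = rc4_crypt(k1, p1, drop=256)
    d2 = rc4_crypt(k2, p2, drop=256)
    not_leaked = recover_with_known_plaintext(d1, p1, d2)

    return {
        "round_trip_ok": round_trip == p1,
        "p2_leaked_under_reused_key": leaked_p2 == p2,
        "mismatched_drop_ok": mismatched == p1,
        "p2_leaked_with_fresh_keys": not_leaked == p2,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running it prints round_trip_ok True, p2_leaked_under_reused_key True, mismatched_drop_ok False, and p2_leaked_with_fresh_keys False: the key-reuse leak is total and needs no cryptanalysis, the drop count must match on both ends, and a per-message key derived from a never-repeated nonce is what removes the leak. The drop count only addresses the key-correlated early keystream; it does nothing for key reuse.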
