Re: VMPC



On Mar 28, 2:37 pm, Kristian Gjøsteen <kristiag+n...@xxxxxxxxxxxx>
wrote:
> <fortune.br...@xxxxxxxxx> wrote:
>> Although I think that you rarely have an opportunity to observe that
>> much data before it is re-keyed.
>
> As far as I know, rekeying does not help against the RC4 distinguisher.
> I don't know if that is also the case against VMPC.
>
>> I admit, I am trying to get this discussed, as when distinguishers get
>> large enough, it becomes harder to see why this is a real-world
>> problem.
>
> It isn't a disaster-style problem, but it is hard to see why one would
> want to use a currently somewhat broken system when unbroken systems
> are available. (I think there are unbroken systems available faster
> than RC4.)
>
> --
> Kristian Gjøsteen



Thank you, Kristian Gjøsteen

The question was not about RC4, but was about VMPC.

The OP asked about replacing AES or RC6 with VMPC.

Of course, AES is a better choice. But I was trying to generate
discussion on VMPC, which to coin Paul Rubin's description of RC4, is
almost hypnotically simple in its construction.

Like RC4, it is possible to code VMPC from memory.

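To show what "simple enough to code from memory" means for VMPC, here is an added example (not from the post or from Zoltak's own sources) written from the published VMPC description as I recall it. Assumptions: the KSA runs 768 rounds over the key and then 768 over the IV, the output function is P[P[P[s]] + 1], and the key/IV lengths are only loosely checked here (the paper constrains them more tightly).

```python
# Added example: a compact VMPC stream cipher (Zoltak) for illustration of its
# structure.  Assumptions (not verified against official test vectors here):
# KSA = 768 rounds over the key, then 768 over the IV; output = P[P[P[s]] + 1].
# Illustrates the construction only; it is not a recommendation to use VMPC.


def vmpc_ksa(key: bytes, iv: bytes) -> tuple[list[int], int]:
    """VMPC key scheduling: returns the 256-byte permutation P and pointer s."""
    if not (1 <= len(key) <= 768 and 1 <= len(iv) <= 768):
        raise ValueError("key and IV must each be 1..768 bytes (assumed bound)")
    P = list(range(256))  # identity permutation, as in RC4
    s = 0
    for material in (key, iv):  # key first, then IV (assumed order)
        for m in range(768):
            n = m % 256
            s = P[(s + P[n] + material[m % len(material)]) % 256]
            P[n], P[s] = P[s], P[n]  # swap, exactly as RC4 does
    return P, s


def vmpc_keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """Generate `length` keystream bytes from (key, iv)."""
    P, s = vmpc_ksa(key, iv)
    n = 0
    out = bytearray()
    for _ in range(length):
        s = P[(s + P[n]) % 256]
        # VMPC one-way function applied to the permutation: P[P[P[s]] + 1]
        out.append(P[(P[P[s]] + 1) % 256])
        P[n], P[s] = P[s], P[n]
        n = (n + 1) % 256
    return bytes(out)


def vmpc_crypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    ks = vmpc_keystream(key, iv, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


if __name__ == "__main__":
    # Constructed sample key/IV/message, not a published test vector.
    k, v = bytes(range(16)), bytes(range(16, 32))
    ct = vmpc_crypt(k, v, b"VMPC is RC4 with a different output function")
    print(ct.hex())
```

Note that the round trip below only checks internal consistency; agreement with the paper's test vectors would still have to be confirmed before relying on this implementation for anything.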


