Re: Conficker C and Ron Rivest



Unruh <unruh-spam@xxxxxxxxxxxxxx> writes:
ggr@xxxxxxxxxxxxx (Greg Rose) writes:

In article <tGvxl.19085$PH1.296@edtnps82>,
Unruh <unruh-spam@xxxxxxxxxxxxxx> wrote:
Is RC4 more or less secure than AES? I doubt that any reputable
cryptographer would make a pronouncement.

I don't know if I count as reputable, but I would
certainly make the pronouncement that RC4 is
currently thought to be much weaker than AES. RC4
has distinguishers at about 2^32 bytes of output,
whereas AES has no known weaknesses worse than
generic attacks.

Much weaker? On what basis?
Distingushers do not imply attacks. They may make you worry. AES has
complexity and slow speed, which means it will not be used when it should
be, and thus the security is be 0. Security is NOT just a matter of
technical features, but the whole security apparatus, including the user.
Now you are still going to say that RC4 is less secure than AES?
Your comments sound like "That ford has a chip in the paint while that
chevy does not, and thus the chevy is a better car."

Wouldn't "That ford needs refuelling every 2^32 thous, whereas the
chevy needs refuelling every 2^64 thous" be more useful as an analogy?

Phil
--
Marijuana is indeed a dangerous drug.
It causes governments to wage war against their own people.
-- Dave Seaman (sci.math, 19 Mar 2009)
.



Relevant Pages

  • Re: Conficker C and Ron Rivest
    ... certainly make the pronouncement that RC4 is ... currently thought to be much weaker than AES. ... has distinguishers at about 2^32 bytes of output, ...
    (sci.crypt)
  • Re: Conficker C and Ron Rivest
    ... An attack is the ability to get cleartext from encrypted text without ... If a cipher is designed to have no distinguishers, ... I know with aes that there are only ... If you are going to argue that RC4 having a distinguisher makes it ...
    (sci.crypt)
  • Re: RC4, With Homebrew MAC...
    ... Though MD5 and SHA-1 would be faster than AES I think AES in CTR ... RC4 is shown to be very fast here because the machine I ran this on ... > your software discard some of the first outputs of the stream. ... > About your MAC, literature says that is not easy to get a good MAC ...
    (sci.crypt)
  • Re: Generate a one-time pad from say a 256bit key?
    ... a laptop with a 160GB hard drive. ... consider RC4 insecure because of it? ... As you point out, AES, the suggested alternative, is slow. ... are going to go to war based on whether or not the contents are Persian or ...
    (sci.crypt)
  • Re: Randomness: All youll ever need to know
    ... the set of all permutations on n symbols. ... terms of distinguishers. ... (uniform probability), keep it secret, and program it into a black box. ... that AES is secure, iff the adversary has no feasible means of telling ...
    (sci.crypt)