[10006] in cryptography@c2.net mail archive
Re: (A)RC4 state leakage
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Thu Dec 27 20:16:04 2001
From: "Steven M. Bellovin" <smb@research.att.com>
To: Damien Miller <djm@mindrot.org>
Cc: cryptography@wasabisystems.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 27 Dec 2001 20:13:40 -0500
Message-Id: <20011228011340.812FA7B69@berkshire.research.att.com>
In message <Pine.LNX.4.33.0112281140131.1232-100000@mothra.mindrot.org>, Damien
Miller writes:
>The common wisdom when using (A)RC4 as a PRNG seems to be to discard
>the first few bytes of keystream it generates as it may be correlated
>to the keying material.
>
>Does anyone have a reference that describes this in more detail? Or
>am I confused :)
>
See http://www.wisdom.weizmann.ac.il/~itsik/RC4/rc4.html for lots of
references on RC4 and attacks on it.
--Steve Bellovin, http://www.research.att.com/~smb
Full text of "Firewalls" book now at http://www.wilyhacker.com
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com