[14836] in cryptography@c2.net mail archive
Re: Open Source Embedded SSL - Export Questions
daemon@ATHENA.MIT.EDU (Bill Stewart)
Sat Nov 29 09:05:11 2003
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
Date: Thu, 27 Nov 2003 23:24:29 -0800
To: Greg Rose <ggr@qualcomm.com>
From: Bill Stewart <bill.stewart@pobox.com>
Cc: tls@rek.tjls.com, cryptography@metzdowd.com
In-Reply-To: <6.0.0.22.2.20031127144317.038770f8@203.30.171.17>
At 02:45 PM 11/27/2003 +1100, Greg Rose wrote:
>At 12:27 PM 11/27/2003, Thor Lancelot Simon wrote:
>>RC4 is extremely weak for some applications.
>>A block cipher is greatly preferable.
>
>I'm afraid that I can't agree with this howling logical error.
>RC4 is showing its age, but there are other stream ciphers
>that are acceptable, and there are block ciphers
>(such as FEAL, same vintage as RC4) that aren't even vaguely secure.
Well, to be more precise,
RC4 has restrictions on the ways you can use it that
make its crypto strength fail very badly if you violate them,
and because it's an XOR stream cypher there are sometimes
things you can't do with it that you could do with a block cypher.
RC4 does also have the historical problem that people sometimes
decide to use it with 40-bit keys because they can...
OTOH, of course being a block cypher isn't enough to guarantee
either strength or usefulness, e.g. bass-o-matic.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
