[208] in cryptography@c2.net mail archive
Re: RC4 keysearch
daemon@ATHENA.MIT.EDU (Jim Gillogly)
Mon Feb 10 13:08:51 1997
Date: Mon, 10 Feb 1997 09:32:39 -0800
From: jimg@mentat.com (Jim Gillogly)
To: cryptography@c2.net

> John Kelsey suggests:
> >
> >There are a few obvious speedups available for RC4 keysearch.
> >For example, if you have an implementation that does
> >real_key = salt || short_key with an 11-byte salt and a 5-byte
> >key, then an attacker can tackle the first 11 bytes of key
> >scheduling once, and have all processors start from there.
>
Arnold Reinhold responds:
> I do not believe this can be done with RC4 to any significant extent. The
> key scheduling step requires all the key bits together.

As John says, it depends on the implementation. If it's as he suggested,
real_key = salt{11} || short_key{5}, then you save 11 of the 256
initialization rounds -- perhaps not significant, but a modest improvement.
If the implementation is real_key = salt{11} || SHA1(short_key{5}) then you
get the same gain. If it's real_key = SHA1(salt{11} || short_key{5}), you
can't precompute partial keys.

Jim Gillogly
jim@acm.org
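
The comparison of the three real_key constructions above, as an added example that is not part of the original message: it checkpoints the RC4 key schedule after the 11 salt-only rounds and checks, for each construction, whether that one checkpoint still yields the correct keystream for every short key. The salt, the sample keys, and the function names are constructed for illustration.

```python
import hashlib

SALT = bytes(range(0xA0, 0xAB))   # constructed 11-byte salt (sample value)

def ksa_rounds(key, start=0, stop=256, state=None):
    """Run RC4 key-schedule rounds start..stop-1, optionally resuming from (S, j)."""
    S, j = (list(range(256)), 0) if state is None else (list(state[0]), state[1])
    for i in range(start, stop):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S, j

def keystream(S, n):
    """Standard RC4 output generation, run on a copy of S."""
    S, i, j, out = list(S), 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def derive(scheme, short_key):
    """The three real_key constructions discussed in the message."""
    if scheme == "salt||key":
        return SALT + short_key
    if scheme == "salt||SHA1(key)":
        return SALT + hashlib.sha1(short_key).digest()
    if scheme == "SHA1(salt||key)":
        return hashlib.sha1(SALT + short_key).digest()
    raise ValueError(scheme)

def checkpoint_reusable(scheme, short_keys):
    """True if one salt-only checkpoint of rounds 0..10 is correct for every key."""
    checkpoint = ksa_rounds(SALT, 0, len(SALT))   # depends on the salt alone
    for sk in short_keys:
        real_key = derive(scheme, sk)
        full, _ = ksa_rounds(real_key)                                  # all 256 rounds
        resumed, _ = ksa_rounds(real_key, len(SALT), 256, checkpoint)   # 245 rounds
        if keystream(full, 16) != keystream(resumed, 16):
            return False
    return True

SAMPLE_KEYS = [bytes([n, 1, 2, 3, 4]) for n in range(8)]   # constructed 5-byte keys

if __name__ == "__main__":
    for scheme in ("salt||key", "salt||SHA1(key)", "SHA1(salt||key)"):
        print(scheme, "-> shared checkpoint valid:", checkpoint_reusable(scheme, SAMPLE_KEYS))
```

Only the construction that hashes salt and key together makes the first key-schedule rounds depend on the secret, so it is the only one for which the shared checkpoint fails.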