[257] in cryptography@c2.net mail archive
Re: standardizing key schedules
daemon@ATHENA.MIT.EDU (D.Mignone+C.Maeder)
Thu Feb 20 16:42:24 1997
Date: Thu, 20 Feb 1997 22:33:59 +0100
From: mignone@isi.ee.ethz.ch (D.Mignone+C.Maeder)
To: cryptography@c2.net
Cc: reinhold@world.std.com
A. G. Reinhold wrote:
> The initial permutations RC4 produces are hardly random. Counting all key
> lengths, RC4 can only produce 2**257 different permutations, a very sparse
> subset of the 256! ~= 2**1684 possible permutations.
You will reach only a subset of the possible permutations if you consider very
short userkeys. But if the userkey is long enough then every permutation can be
reached, as you can find in D.E.Knuth ``The Art Of Computer Programming'', Vol.2
The only thing you can say is that initial permutations will probably not be
equally distributed.
How did you compute 2**257 as the number of different permutations that RC4 can
produce?
To our knowledge 256**256 different userkey can be chosen at random, using the
full userkey length. This number is much bigger than 256!. Therefore you can
expect that each permutation is reached at least once.
Domenico Mignone & Christoph Maeder
