[557] in cryptography@c2.net mail archive
Re: RC4 rollback/rollforward question
daemon@ATHENA.MIT.EDU (Tim Dierks)
Wed Apr 16 13:57:58 1997
In-Reply-To: <199704161620.JAA15329@zendia.mentat.com>
Date: Wed, 16 Apr 1997 10:30:46 -0700
To: jimg@mentat.com (Jim Gillogly)
From: Tim Dierks <timd@consensus.com>
Cc: cryptography@c2.net, rodney@sabletech.com
At 9:20 AM -0700 4/16/97, Jim Gillogly wrote:
>Rodney Thayer asks:
>> The comment has been made that you can deal with out of order input to a
>> streaming cipher, like RC4. One thing I didn't quite catch was what you do
>> to "roll forward" the RC4 state so you can handle this case:
>>
>> stream offset xxx data aaa bbb ccc ddd
>> stream offset xxx+yyy data eee fff ggg hhh
>
>After initialization, RC4 produces one "cryptographically random" byte each
>time it's called. Since this byte does not depend on the plaintext, to get
>to offset yyy you simply need to call it yyy times in a loop, ignoring the
>results. When it's done you're ready to start with eee. Rolling forward
>is indeed trivial.
What's more, RC4 can be reversed, so you could in theory run the engine
backwards to position xxx if you needed to recover the output you skipped.
- Tim
Tim Dierks - timd@consensus.com - www.consensus.com
Software Haruspex - Consensus Development
Developer of SSL Plus: SSL 3.0 Integration Suite
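The two mechanisms discussed in this thread, rolling forward by discarding keystream bytes and rolling backward by inverting the PRGA step, as an added example that is not part of the original messages. The code is my own implementation of the standard RC4 KSA/PRGA; the class and method names, the segment contents `aaabbbcccddd` / `eeefffggghhh` and the offsets are constructed for illustration, not taken from the thread.

```python
# Added example (not from the thread): RC4 with roll-forward and roll-back.
# Uses the standard RC4 KSA/PRGA; names and sample data are my own.

class RC4:
    """RC4 keystream generator that can seek forward (discard) and backward (invert)."""

    def __init__(self, key: bytes):
        if not 1 <= len(key) <= 256:
            raise ValueError("RC4 key must be 1..256 bytes")
        # KSA: permute S under the key
        S = list(range(256))
        j = 0
        for i in range(256):
            j = (j + S[i] + key[i % len(key)]) & 0xFF
            S[i], S[j] = S[j], S[i]
        self.S, self.i, self.j = S, 0, 0
        self.position = 0  # number of keystream bytes produced so far

    def next_byte(self) -> int:
        """One PRGA step forward; returns the keystream byte."""
        S = self.S
        self.i = (self.i + 1) & 0xFF
        self.j = (self.j + S[self.i]) & 0xFF
        S[self.i], S[self.j] = S[self.j], S[self.i]
        self.position += 1
        return S[(S[self.i] + S[self.j]) & 0xFF]

    def prev_byte(self) -> int:
        """Undo one PRGA step; returns the keystream byte that step had produced."""
        if self.position == 0:
            raise ValueError("already at stream start")
        S, i, j = self.S, self.i, self.j
        k = S[(S[i] + S[j]) & 0xFF]   # byte emitted by the step being undone
        S[i], S[j] = S[j], S[i]       # the swap is its own inverse
        self.j = (j - S[i]) & 0xFF    # S[i] is now the value that had been added to j
        self.i = (i - 1) & 0xFF
        self.position -= 1
        return k

    def skip(self, n: int) -> None:
        """Roll forward n bytes: call the generator n times and ignore the output."""
        for _ in range(n):
            self.next_byte()

    def rewind(self, n: int) -> bytes:
        """Roll back n bytes; returns the recovered keystream in stream order."""
        return bytes(reversed([self.prev_byte() for _ in range(n)]))

    def keystream(self, n: int) -> bytes:
        return bytes(self.next_byte() for _ in range(n))

    def crypt(self, data: bytes) -> bytes:
        """XOR data with keystream from the current position (encrypt == decrypt)."""
        return bytes(b ^ self.next_byte() for b in data)


def out_of_order_demo(key: bytes, xxx: int, yyy: int) -> dict:
    """Sender encrypts one segment at stream offset xxx and another at xxx+yyy.
    The receiver gets the second segment first, rolls forward to decrypt it,
    then runs the engine backwards to offset xxx to decrypt the first."""
    seg1, seg2 = b"aaabbbcccddd", b"eeefffggghhh"   # constructed sample segments
    if yyy < len(seg1):
        raise ValueError("segments would overlap")
    tx = RC4(key)
    tx.skip(xxx)
    c1 = tx.crypt(seg1)
    tx.skip(yyy - len(seg1))
    c2 = tx.crypt(seg2)

    rx = RC4(key)
    rx.skip(xxx + yyy)              # roll forward straight to the second segment
    p2 = rx.crypt(c2)
    rx.rewind(len(seg2) + yyy)      # run the engine backwards to offset xxx
    p1 = rx.crypt(c1)
    return {"p1": p1, "p2": p2, "ok": (p1, p2) == (seg1, seg2)}


if __name__ == "__main__":
    print(out_of_order_demo(b"Secret", xxx=100, yyy=40))
```

The forward step is `i += 1; j += S[i]; swap(S[i], S[j])`, so the inverse is the same operations in reverse order: swap back, subtract the (restored) `S[i]` from `j`, then decrement `i`. Note that both directions cost one PRGA step per byte, so reaching offset `xxx+yyy` takes `yyy` steps; this is the design trade-off against counter-mode constructions, where seeking to an arbitrary offset is a single block computation.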