[602] in cryptography@c2.net mail archive
Re: The unmentionable algorithm
daemon@ATHENA.MIT.EDU (jamesd@echeque.com)
Mon Apr 21 13:28:43 1997
From: jamesd@echeque.com
Date: Sun, 20 Apr 1997 08:04:18 +0800
To: Steven Bellovin <smb@research.att.com>
Cc: coderpunks@toad.com, cryptography@c2.net
James A. Donald
> So what. Big deal. People do not use symmetric keys twice.
At 08:16 AM 4/20/97 -0400, Steven Bellovin wrote:
> Keys are generally negotiated to protect *sessions*. A session can be
> more than one message, in which case the encryption (often) starts anew for
> each message.
In which case one continues the state of the RC4 permutation
from where one left off.
Of course this adds complexity to the algorithm if we wish to
handle message failure, but even with such added complexity
(keeping copies of the RC4 permutation) RC4 is still substantially
simpler since we have to keep copies of message state information
anyway.
The defects of RC4 are remedied by simple measures, such as
keeping a count and keeping a checksum, which one would
ordinarily have to implement, though in different and
inequivalent ways, for other reasons anyway.
> First, if you're using an encrypted file system
Agreed: Obviously RC4 is unsuitable for an encrypted file system.
However it is entirely suitable for an application such as PGP.
And none of the deficiencies of RC4 you have described are
cryptographic weaknesses. They are protocol requirements.
---------------------------------------------------------------------
We have the right to defend ourselves and our property, because of the
kind of animals that we are. True law derives from this right, not from
the arbitrary power of the state.
                                        James A. Donald
                                        http://www.jim.com/jamesd/
                                        jamesd@echeque.com
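As an added illustration of the point above about carrying the RC4 state across the messages of a session instead of restarting it per message (example code added here, not from the original thread; the session key and messages are constructed):

```python
# Minimal RC4 (KSA + PRGA) as a generator, so keystream state persists across messages.
# Added example, not from the original thread; key and messages below are constructed.

def rc4_keystream(key: bytes):
    """Yield RC4 keystream bytes for `key`; state is kept between next() calls."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key-scheduling algorithm (KSA)
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:                               # pseudo-random generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]

def xor_with_stream(data: bytes, stream) -> bytes:
    return bytes(b ^ next(stream) for b in data)

def encrypt_restarting(key: bytes, messages):
    """Unsafe: restarting RC4 per message with one key reuses the keystream."""
    return [xor_with_stream(m, rc4_keystream(key)) for m in messages]

def encrypt_continuing(key: bytes, messages):
    """The post's approach: one keystream whose state continues across messages.
    Because XOR is symmetric, applying this to the ciphertexts decrypts them."""
    stream = rc4_keystream(key)
    return [xor_with_stream(m, stream) for m in messages]

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_cancels(ciphertexts, plaintexts) -> bool:
    """True when c1 XOR c2 == p1 XOR p2: the keystream was reused (two-time pad)."""
    c1, c2 = ciphertexts[:2]
    p1, p2 = plaintexts[:2]
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)

# Constructed sample session: two messages under one negotiated session key.
KEY = b"constructed-session-key"
MESSAGES = [b"first message of the session", b"second message, same session"]

if __name__ == "__main__":
    print("restart per message leaks p1^p2:",
          keystream_cancels(encrypt_restarting(KEY, MESSAGES), MESSAGES))
    print("continue state leaks p1^p2:    ",
          keystream_cancels(encrypt_continuing(KEY, MESSAGES), MESSAGES))
```

The receiver must advance its own copy of the permutation in the same order, which is the "keeping copies of the RC4 permutation" cost the post mentions for handling lost messages.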