[612] in cryptography@c2.net mail archive
Re: The unmentionable algorithm
daemon@ATHENA.MIT.EDU (jamesd@echeque.com)
Mon Apr 21 13:33:40 1997
From: jamesd@echeque.com
Date: Sun, 20 Apr 1997 08:03:14 +0800
To: EKR <ekr@terisa.com>
Cc: Adam Back <aba@dcs.ex.ac.uk>, smb@research.att.com, coderpunks@toad.com,
cryptography@c2.net
At 05:58 PM 4/20/97 -0700, EKR wrote:
> Assume this time that the checksum is in the clear,
If you have to assume the checksum is in the clear in
order to argue that RC4 has a weakness, you are scraping
the bottom of the barrel.
Why not just assume that the key is in the clear too while we
are at it?
In fact why not simply assume that we simply do not
bother to encrypt anything with RC4 and transmit
everything in the clear? And while we are at it let
us assume that the enemy comes in and pisses on our
computer.
> Other attacks are probably possible if the checksum is
> something weaker, like CRC.
Assuming of course, we did not bother to encrypt the
perfectly satisfactory CRC checksum by EORing it with
the RC4 cryptographically strong random number stream.
Surely your argument is getting just a wee bit deranged.
> It's true that these aren't cryptographic weaknesses in
> RC4. They're gotchas with using any stream cipher that
> doesn't have feedback from the plaintext.
They are not gotchas. A gotcha is a problem you cannot
get around, or cannot get around without a great deal of
trouble. What you have described are protocol requirements,
not gotchas.
The protocol requirements being:
An authenticated message using RC4 must authenticate
everything, not just some things, and encrypt everything,
not just some things.
Hey: Really strange and surprising requirements that. ;-)
---------------------------------------------------------------------
We have the right to defend ourselves  |  http://www.jim.com/jamesd/
and our property, because of the kind  |
of animals that we are. True law       |  James A. Donald
derives from this right, not from the  |
arbitrary power of the state.          |  jamesd@echeque.com
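The protocol requirement stated in the message above ("authenticate everything, encrypt everything"), as an added example that is not part of the thread: flipping a bit of RC4 ciphertext flips the same bit of the plaintext, so the receiver's integrity check must be a keyed MAC over the entire record, header and ciphertext alike. Keys, header and messages are constructed, and HMAC-SHA256 is used as the keyed MAC by assumption.

```python
import hmac
import hashlib

def rc4(key: bytes, data: bytes) -> bytes:
    """XOR data with the RC4 keystream; the same call encrypts and decrypts."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for byte in data:                          # keystream generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def flip_bit(data: bytes, byte_index: int, bit: int) -> bytes:
    buf = bytearray(data)                      # one inverted bit models an in-transit edit
    buf[byte_index] ^= 1 << bit
    return bytes(buf)

def seal(enc_key: bytes, mac_key: bytes, header: bytes, msg: bytes) -> bytes:
    """header || RC4(msg) || HMAC over everything that goes on the wire."""
    ct = rc4(enc_key, msg)
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    return header + ct + tag

def open_record(enc_key: bytes, mac_key: bytes, record: bytes, hdr_len: int):
    """Verify the MAC before touching the ciphertext; None means reject."""
    header, ct, tag = record[:hdr_len], record[hdr_len:-32], record[-32:]
    expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return header, rc4(enc_key, ct)

def malleability_demo(key: bytes) -> bytes:
    ct = rc4(key, b"PAY 10 DOLLARS")           # constructed message, no MAC
    return rc4(key, flip_bit(ct, 4, 0))        # -> b'PAY 00 DOLLARS'

def mac_demo(enc_key: bytes, mac_key: bytes):
    header = b"\x01\x00"                       # constructed 2-byte record header
    rec = seal(enc_key, mac_key, header, b"PAY 10 DOLLARS")
    good = open_record(enc_key, mac_key, rec, len(header))
    bad = open_record(enc_key, mac_key, flip_bit(rec, len(header) + 4, 0), len(header))
    return good, bad                           # -> ((header, plaintext), None)
```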