At 5:05 PM -0400 9/9/99, Thomas W. Kellar wrote:
>I wrote a rc4 based encryption/decryption program for my TI86.  You can
>enter an alphabetic key (up to 256 characters). Enter some uppercase only
>alphabetic plaintext, then it displays decimal numbers representing the
>encryption of the plaintext.  In decrypt mode you enter your key, then the
>decimal numbers previously produced and it displays your plaintext again.
>I used B. Schneier's description in _Applied Cryptography_ 2nd ed as the
>basis for the rc4.  If anyone wants a copy of it, send me a note.  As a
>USA citizen residing in the USA, I believe you are supposed to be
>similarly situated before I can send it to you.

Take a look at http://ciphersaber.gurus.com for some additional stuff 
you should add to your program, like an initialization vector (IV) to 
prevent the same key from being used twice. You will also find some 
test vectors there.

>Considering that the
>key can only have 28 possible values for each octet, there is probably
>not much security in it. (A..Z plus space and = sign)

The good news is that you are completely wrong. I suspect you have 
been brain-washed by all the password advice out there that says you 
must use numbers and special characters. Hogwash!

28 values are more than enough for strong security. Even 26 will do. 
If you pick letters at random from [A-Z], each letter gives you 4.7 
bits of entropy. 28 values makes it 4.8 bits per letter. That means a 
90-bit password would be 19 letters long.  (The consensus is that 90 
bits is enough for long term strong security.) Here is what one would 
look like:

        otvga dzkgr ekhao woya

If you use a 96 character alphabet (upper and lower case, numbers and 
special characters) you get 6.58 bits per character.  That means your 
90-bit password would take only 14 characters. For example:

        ,If7m w*<R. m?4Q

That is a little shorter, but harder to remember or enter.  I don't 
think the saving is worth it.

You can also use a 7 word diceware passphrase (see 
http://www.diceware.com). For example:

        onion bedim zero km sousa nell rimy

I think the last is the easiest to remember, but tastes vary. All are 
equally secure!

Arnold Reinhold
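
Added example, not part of the original message and not CipherSaber's own code: the IV scheme recommended above, in Python, following the CipherSaber-1 convention (a 10-byte random IV is appended to the passphrase to form the RC4 key and sent in clear ahead of the ciphertext). The key and plaintexts are constructed samples; the demo shows what two messages under the same key reveal with and without the IV.

```python
import os

IV_LEN = 10  # CipherSaber-1 prepends a 10-byte random IV to each message

def rc4(key, data):
    """RC4: key schedule, then XOR the data with the keystream."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1 to 256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):  # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # keystream generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def cs_encrypt(passphrase, plaintext, iv=None):
    """RC4 key is passphrase || IV; the IV travels in clear before the ciphertext."""
    iv = os.urandom(IV_LEN) if iv is None else iv
    if len(iv) != IV_LEN:
        raise ValueError("IV must be 10 bytes")
    return iv + rc4(passphrase + iv, plaintext)

def cs_decrypt(passphrase, message):
    """Split off the leading IV, rebuild the RC4 key, and decrypt the rest."""
    if len(message) < IV_LEN:
        raise ValueError("message shorter than the IV")
    return rc4(passphrase + message[:IV_LEN], message[IV_LEN:])

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def keystream_reuse_demo():
    """Return (leak_without_iv, leak_with_iv) for two constructed messages."""
    key = b"CONSTRUCTED SAMPLE KEY"            # constructed, not from the thread
    p1, p2 = b"MEET AT NOON", b"SELL ALL NOW"  # constructed plaintexts
    # Same key, no IV: the keystream cancels and c1 XOR c2 equals p1 XOR p2.
    no_iv = xor(rc4(key, p1), rc4(key, p2)) == xor(p1, p2)
    # Fresh IV per message: each message is encrypted under its own keystream.
    c1, c2 = cs_encrypt(key, p1), cs_encrypt(key, p2)
    with_iv = xor(c1[IV_LEN:], c2[IV_LEN:]) == xor(p1, p2)
    return no_iv, with_iv

if __name__ == "__main__":
    print(keystream_reuse_demo())
```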
