----- Original Message -----
From: "Ed Gerck" <[EMAIL PROTECTED]>
Subject: [!! SPAM] Re: Is AES better than RC4
Joseph Ashwood wrote:
SOP: discard first 100's of bytes
This is part of the lack of key agility.
Using it securely requires so much in the way of heroic efforts
SOP: hash the key
There is far more to using RC4 securely than simply hashing the key. Hashing
the key only prevents recovering the original key (to the limits of the hash
used); it does not provide for anything close to all the heroic efforts. If
you look at the design of SSL/TLS a very significant portion of the effort
that has gone into design of the frame/cell/whatever they call them is
specifically to address issues like those seen in RC4.
[Slow rekeying speed makes RC4] unusable for any system that requires
rekeying.
Code RC4 in a way that makes it easy.
You simply cannot code around the fact that the RC4 key processing is dog
slow, and that even after the original keying design there is the necessity
to discard the first several bytes of data. So just in the keying you have
to deviate substantially from the original design.
Its only redeeming factors are that the cipher itself is simple to
write, and once keyed it is fast.
simple to code/verify is good for security too. This is a major
point.
A Vigenère cipher is easier to code, we don't recommend it. Just as with a
Vigenère cipher, building a secure protocol (even for storage) with RC4
quickly becomes an arms race requiring heroic efforts on the design side
along with huge amounts of compute cycles on the execution side to avoid a
PFY with a laptop. The same amount of effort in design with AES leads to a
simpler, more compact design of approximately the same speed. And exactly as
Ed noted: "simple to ... verify is good for security too."
The truth is that because AES is so much simpler to build a secure protocol
around, the end result is actually easier to analyse.
Joe
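
The keystream behaviour behind the "discard first 100's of bytes" exchange above, as an added example that is not part of the original post: it counts how often the second RC4 keystream byte is zero over many keys, with and without a discard, which also shows the extra work each rekey then costs. The 256-byte discard, the 16-byte constructed random keys and the function names are assumptions made for this illustration.

```python
import random

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key schedule (KSA), then n bytes of keystream (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):            # KSA: 256 swaps, paid again on every rekey
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):              # PRGA: one swap per output byte
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def second_byte_zero_counts(trials=20000, drop=256, seed=1):
    """Count zero values in the 2nd keystream byte, before and after a discard.

    A uniform byte is zero about trials/256 times. The second byte of raw RC4
    output is zero roughly twice that often (the known initial-output bias),
    which is why the start of the stream is thrown away.
    """
    rng = random.Random(seed)       # constructed sample keys, fixed seed
    raw = dropped = 0
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(16))
        ks = rc4_keystream(key, drop + 2)
        raw += ks[1] == 0           # 2nd byte of the stream as generated
        dropped += ks[drop + 1] == 0  # 2nd byte after discarding `drop` bytes
    return raw, dropped

if __name__ == "__main__":
    trials, drop = 20000, 256
    raw, dropped = second_byte_zero_counts(trials, drop)
    print(f"uniform expectation : {trials / 256:.0f}")
    print(f"raw RC4, byte 2 == 0 : {raw}")
    print(f"after drop-{drop}     : {dropped}")
    # Each rekey now costs 256 KSA steps plus `drop` discarded PRGA steps
    # before the first usable keystream byte is produced.
    print(f"state updates per rekey: {256 + drop}")
```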
---------------------------------------------------------------------
The Cryptography Mailing List