On Jul 27, 2009, at 4:50 AM, James A. Donald wrote:

From: "Nicolas Williams" <nicolas.willi...@sun.com>
For example, many people use arcfour in SSHv2 over AES because arcfour
is faster than AES.

Joseph Ashwood wrote:
I would argue that they use it because they are stupid. ARCFOUR should have been retired well over a decade ago, it is weak, it meets no reasonable security requirements,

No one can break arcfour used correctly - unfortunately, it is tricky to use it correctly.

RC4 is broken when used as intended. The output has a statistical bias and can be distinguished:
        http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/FluhrerMcgrew.pdf
and there is an exceptional bias in the second byte:
        http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/bc_rc4.ps
The latter is the basis for breaking WEP:
        http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/wep_attack.ps
These are not attacks on a reduced algorithm; they are on the full algorithm.

If you take these into consideration, can it be used "correctly"? I guess tossing the first few words gets rid of the exceptional bias, and maybe changing the key often gets rid of the statistical bias? Is this what you mean by used "correctly"?
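An added example, not from anyone in this thread, that lets a reader measure the second-byte bias cited above: over random keys, RC4's second keystream byte is zero about 2/256 of the time instead of 1/256, and discarding the first 256 output bytes (the "tossing the first few words" idea) brings that byte back to the expected rate. The 16-byte keys, the seed and the trial counts are constructed for the demonstration.

```python
import random

def rc4_keystream(key: bytes, n: int, drop: int = 0) -> bytes:
    """Return n bytes of RC4 keystream after discarding the first `drop` bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm (KSA)
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(drop + n):                  # pseudo-random generation (PRGA)
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out[drop:])

def second_byte_zero_rate(trials: int, drop: int = 0, seed: int = 1) -> float:
    """Fraction of random 16-byte keys whose second emitted byte is zero.

    Mantin-Shamir second-byte bias: with no drop this is about 2/256 (0.0078);
    after dropping the initial output it is about 1/256 (0.0039), as for an
    unbiased generator.
    """
    rng = random.Random(seed)                  # constructed, reproducible keys
    zeros = 0
    for _ in range(trials):
        key = rng.getrandbits(128).to_bytes(16, "big")
        if rc4_keystream(key, 2, drop)[1] == 0:
            zeros += 1
    return zeros / trials

if __name__ == "__main__":
    # Known-answer check: key b"Key" gives keystream EB 9F 77 81 ...
    assert rc4_keystream(b"Key", 4).hex() == "eb9f7781"
    print("P[2nd byte == 0], no drop :", second_byte_zero_rate(20000))
    print("P[2nd byte == 0], drop 256:", second_byte_zero_rate(20000, drop=256))
```

Dropping initial output removes the early-byte bias but not the long-term digraph biases of the first paper, which is why later protocol guidance prohibited RC4 rather than patching around it.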

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com