Referring to your note of August 1: I haven't found anything about breaking RC4 if used with a newly randomly generated key (unrelated to any others) for every communication session. I would appreciate being enlightened!

(Of course one should throw away initial parts of the stream. I suggested doing this to Ron Rivest & RSA in the early 1980s, legitimately knowing about the still-secret RC4 cipher-logic from a client, to whom I made the same suggestion. But even if one doesn't, the result isn't what I would call "breaking" RC4.) I should say that I was appalled when I first learned of people using RC4 with related keys; its structure certainly suggested to me that there would be vulnerabilities.

Is your partly negative recommendation for AES ("...for most new protocol purposes") to do with the recent related-key attack, which I would certainly agree is very disquieting, even though, as you say, it has no current negative consequences?

I may speculate elsewhere about who knew what & why before the recent publication.

Thank you!

P.
(Peter Schweitzer)


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com