>In general, if you're not an expert (:), it's worth not messing with the
>core parts of algorithms to prevent an attack when you don't
>understand the attack.
I do fully understand how both RC4 and the attack work.
[I'm not so sure about that. --PM]
>RC4 has two basic rules for using it securely
>- Use long enough keys.
>- Never EVER reuse a key.
I did those already; I was very well aware that reusing an RC4 key is
a no-no, I even explained the need for this to other people.
>The basic things wrong with the use of RC4 in several broken
>commercial environments (e.g. 802.11 WEP, MS PPTP) include
><snip>
Too short a key length wasn't the only problem in WEP: another problem
arose from the fact that when you toggle a single bit in the
ciphertext, that *same* bit is toggled in the plaintext.
[That's not an RC4 feature -- that's a feature of any stream
cipher. However, in general, any time you use a cipher in a
communications protocol, you want a MAC as well, even if you are using
a block cipher in CBC. --PM]
Therefore, if the contents of part of the ciphertext are known, that
part could be modified. WEP has integrity checking to protect against
this, however they did this in a flawed way. (The propagation of a bit
toggle can be tracked through the CRC algorithm to determine which
bits of the CRC should be toggled to make sure the change will not be
detected.)
In general, I'm not comfortable with this bit-toggle property, but RB
is too sucky to implement a decent algorithm.
Well, I'm working on getting cryptlib working on MacOS anyway, and
then turn it into an RB plugin, and all my problems will be solved :-)
Matthijs van Duin
- PGP Key: 0xB6205CCB <finger:[EMAIL PROTECTED]> -
- FP: D73C 9EE3 5F6B E5D5 8E19 2CBE 4648 8C3E B620 5CCB -
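The bit-toggle property and the weakness of a CRC-based integrity check discussed above, as an added example (not code from this thread or from WEP/cryptlib). It uses a constructed XOR keystream in place of RC4 and a constructed key, and shows that the same ciphertext change passes a WEP-style CRC32 check but is rejected by an HMAC, which is the MAC the moderator's note calls for.

```python
import hashlib
import hmac
import zlib

# Constructed stand-ins: a fixed "keystream" instead of real RC4 output,
# and a fixed MAC key. Real code must derive both from proper secrets.
KEYSTREAM = bytes(range(7, 7 + 64))
MAC_KEY = b"constructed-mac-key"


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def crc_protected_encrypt(plaintext: bytes) -> bytes:
    """WEP-style framing: (plaintext || CRC32) XORed with the keystream."""
    body = plaintext + zlib.crc32(plaintext).to_bytes(4, "little")
    return xor_bytes(body, KEYSTREAM)


def crc_protected_decrypt(ciphertext: bytes):
    """Return (plaintext, crc_ok) for a WEP-style frame."""
    body = xor_bytes(ciphertext, KEYSTREAM)
    pt, icv = body[:-4], body[-4:]
    return pt, zlib.crc32(pt).to_bytes(4, "little") == icv


def mac_protected_encrypt(plaintext: bytes) -> bytes:
    """Same stream cipher, but the ciphertext is authenticated with an HMAC."""
    ct = xor_bytes(plaintext, KEYSTREAM)
    return ct + hmac.new(MAC_KEY, ct, hashlib.sha256).digest()


def mac_protected_decrypt(blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(MAC_KEY, ct, hashlib.sha256).digest()
    return xor_bytes(ct, KEYSTREAM), hmac.compare_digest(expected, tag)


def flip_bits(ciphertext: bytes, mask: bytes) -> bytes:
    """Toggle ciphertext bits; with a stream cipher the same plaintext bits toggle."""
    return xor_bytes(ciphertext, mask.ljust(len(ciphertext), b"\x00"))


def crc_delta_mask(delta: bytes) -> bytes:
    """CRC32 is affine: crc(p ^ delta) == crc(p) ^ crc(delta) ^ crc(zeros).
    So the CRC shift caused by `delta` is predictable without knowing p,
    which is why a CRC cannot serve as a MAC."""
    crc_shift = zlib.crc32(delta) ^ zlib.crc32(bytes(len(delta)))
    return delta + crc_shift.to_bytes(4, "little")


def demo():
    """Returns (crc_check_passed, hmac_check_passed, plaintext after the flip)."""
    pt = b"pay 100 to acct 7"                      # constructed message
    delta = bytearray(len(pt)); delta[4] = ord("1") ^ ord("9")  # '1' -> '9'
    _, crc_ok = crc_protected_decrypt(flip_bits(crc_protected_encrypt(pt), crc_delta_mask(bytes(delta))))
    modified, mac_ok = mac_protected_decrypt(flip_bits(mac_protected_encrypt(pt), bytes(delta)))
    return crc_ok, mac_ok, modified
```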
---------------------------------------------------------------------
The Cryptography Mailing List