On Thu, Oct 11, 2001 at 01:31:36AM -0700, [EMAIL PROTECTED] wrote: | On 8 Oct 2001, at 11:37, Ray Dillinger wrote: | > In which case, what you've got isn't RC4 anymore | | You do not understand encryption. | | RC4 is an encryption method, that needs to be part of a | protocol. The protocol can be designed correctly or | incorrectly, but either way it is still a protocol that uses | RC4. | | In the usual protocols that contain RC4, each session has a | new transient session key. The fact that RC4 leaks a small | amount of information about that session key is unimportant | in such protocols. | | RC4 is like a brick that can be used to build a house.
I'd say that RC4 is like one of those cool, semi-opaque glass bricks. Not in the sense that it is weak (you can put quite a bit of load on a wall of those) but in the sense that it is different than your typical dried-mud sort of brick. Designing protocols is a hard field, and there seem to be lots of mistakes made when people use RC4. Is that because its a bad cipher? No, its because people aren't used to working with it. Because of that, I tend to look askew at RC4 based systems. Adam -- "It is seldom that liberty of any kind is lost all at once." -Hume --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]