> Matthew Byng-Maddick[SMTP:[EMAIL PROTECTED]] writes:
> On Sun, Feb 09, 2003 at 11:43:55PM -0500, Donald Eastlake 3rd wrote:
> > been that you either throw away the first 256 bytes of stream key output
> > or use a different key on every message. WEP does neither. TKIP, the new
> You NEVER, EVER, re-use the key for a stream cipher, if you do, you might
> as well just give up. By re-using the key, I can get
> plaintext (combinator) plaintext, which is easier to solve than
> plaintext (combinator) cipherstream.
> It's one of those things, like re-using a pad.
The weird thing about WEP was its choice of cipher. It used RC4, a 
stream cipher, and re-keyed for every block. . RC4 is
not really intended for this application. Today we'd
have used a block cipher with varying IVs if neccessary

I suspect that RC4 was chosen for other reasons - ease of
export, smallness of code, or something like that. It runs fast,
but rekeying every block loses most of that advantage.

Just my personal musings....

Peter Trei

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to