In message <[EMAIL PROTECTED]>, bear writes:

>>It's one of those things, like re-using a pad.
>
>Actually, it is re-using a pad, exactly. It's just a pseudorandom
>pad (stream cipher) instead of a one-time pad.
>
>And while WEP had problems, it didn't have that particular problem.
>New messages with the "same" key would use a later chunk of the
>cipherstream pad under WEP.

That's not correct. Each packet is encrypted with a key consisting of
<basekey,IV>, where "IV" is a 24-bit counter. It does not use a later
part of the stream; each packet starts from the beginning.

Note that with a 24-bit key, plus the difficulty of changing the key,
there *will* be reuse. It's compounded because (a) everyone has the same
key, so there's lots of traffic; (b) both directions use the same key;
and (c) some units, when power-cycled, always start the IV at 0, making
collisions in that space more likely. Read the Borisov et al. paper for
more details on all of these points and more.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
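The keystream-reuse point made in the message above, worked through as an added example (this code is not part of the original mailing-list post). WEP's per-packet RC4 key is the 3-byte IV placed in front of the shared base key, and RC4 is restarted at keystream byte 0 for every packet; the example keys RC4 that way, encrypts two packets under the same IV, and shows that an eavesdropper who knows one plaintext recovers the other from the XOR of the two ciphertexts alone. It also counts the reused IVs that result when several stations all restart their counter at 0 (point (c) in the message). The 5-byte base key, the sample plaintexts, the big-endian encoding of the IV counter and the station packet counts are all constructed for illustration, not taken from the page.

```python
"""Added example: WEP's <basekey, IV> keying as keystream reuse.

Not from the original message. RC4 here is the standard algorithm; the
WEP key layout (IV || base key) is WEP's real one, but the byte order of
the counter, the 5-byte base key and all plaintexts are constructed.
"""


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Plain RC4 (KSA + PRGA). Returns `length` keystream bytes starting
    at byte 0, exactly as WEP does for every packet: it never skips ahead."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def wep_per_packet_key(base_key: bytes, iv: int) -> bytes:
    """WEP per-packet RC4 key: the 24-bit IV (3 bytes, sent in the clear)
    is prepended to the shared base key. Big-endian counter encoding is this
    example's choice; real cards differ, which does not change the argument."""
    if not 0 <= iv < 2 ** 24:
        raise ValueError("WEP IV must fit in 24 bits")
    return iv.to_bytes(3, "big") + base_key


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(base_key: bytes, iv: int, plaintext: bytes) -> bytes:
    """Encrypt one packet body. The keystream restarts at byte 0 for every
    packet, so two packets with equal IVs get the identical pad. (WEP's
    CRC-32 ICV is omitted; it is irrelevant to the reuse problem.)"""
    pad = rc4_keystream(wep_per_packet_key(base_key, iv), len(plaintext))
    return xor(plaintext, pad)


def two_time_pad_recover(c1: bytes, known_p1: bytes, c2: bytes) -> bytes:
    """Attacker side, no key needed: for packets sent under the same IV,
    c1 XOR c2 == p1 XOR p2, so a known p1 yields p2 directly."""
    n = min(len(c1), len(known_p1), len(c2))
    return xor(xor(c1[:n], c2[:n]), known_p1[:n])


def demo_iv_reuse(base_key: bytes = b"\x01\x02\x03\x04\x05", iv: int = 0) -> bytes:
    """Two stations sharing one base key both send their first packet with
    IV 0 (constructed plaintexts). Returns what the eavesdropper recovers."""
    p1 = b"known plaintext:"      # e.g. a predictable header the attacker knows
    p2 = b"secret message!!"      # the packet the attacker wants
    c1 = wep_encrypt(base_key, iv, p1)
    c2 = wep_encrypt(base_key, iv, p2)
    return two_time_pad_recover(c1, p1, c2)


def iv_collisions(packet_counts: list) -> int:
    """Count reused pads when every station restarts its IV counter at 0
    after a power cycle: station k sends packet_counts[k] packets with IVs
    0, 1, 2, ...; each extra occurrence of an IV value is one reused pad."""
    seen = {}
    for n in packet_counts:
        for iv in range(n):
            seen[iv] = seen.get(iv, 0) + 1
    return sum(count - 1 for count in seen.values())


if __name__ == "__main__":
    print("recovered:", demo_iv_reuse())
    print("pads reused by three rebooted stations:", iv_collisions([100, 50, 10]))
```

Changing the IV byte order or the base-key length changes the keystream but not the outcome: any two packets under the same <basekey, IV> pair share a pad, and the recovery needs only the two ciphertexts and one known plaintext.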