At 1:26 PM -0800 2/10/03, David Wagner wrote: >It's hard to believe that RC4 was chosen for technical reasons. >The huge cost of key setup per packet (equivalent to generating 256 >bytes of keystream and then throwing it away) should dominate the other >potential advantages of RC4.
The technical reasons people might chose RC4 for an embedded application like 802.11 WEP include: * Code size so close to zero as to make no never mind. * Intermediate data size so close to zero as to make no never mind. * Fast key setup (Forget tossing the 256 bytes of key stream. The designers weren't crypto engineers. Personally, I'd toss the first 1024.) * Fast encrypt/decrypt. * Commonly used in respected security applications (e.g. SSL). >In any case, WEP would clearly look very different if it had been designed >by cryptographers, and it almost certainly wouldn't use RC4. Look at >CCMP, for instance: it is 802.11i's chosen successor to, and re-design >of, WEP. CCMP uses AES, not RC4, and I think that was a smart move. I agree. WEP is what you get when you don't seek public review. Cheers - Bill ------------------------------------------------------------------------- Bill Frantz | Due process for all | Periwinkle -- Consulting (408)356-8506 | used to be the Ameican | 16345 Englewood Ave. [EMAIL PROTECTED] | way. | Los Gatos, CA 95032, USA --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]