AES, RC4

2009-08-02 Thread PETER SCHWEITZER
Referring to your note of August 1: I haven't found anything about  
breaking RC4 if used with a newly randomly generated key (unrelated to  
any others) for every communication session. I would appreciate being  
enlightened!


(Of course one should throw away initial parts of the stream. I  
suggested doing this to Ron Rivest & RSA in the early 1980s,  
legitimately knowing about the still-secret RC4 cipher-logic from a  
client, to whom I made the same suggestion. But even if one doesn't,  
the result isn't what I would call breaking RC4.) I should say that  
I was appalled when I first learned of people using RC4 with related  
keys; its structure certainly suggested to me that there would be  
vulnerabilities.


Is your partly negative recommendation for AES ("...for most new  
protocol purposes") to do with the recent related-key attack? Which I  
would certainly agree is very disquieting, even though, as you say, it  
has no current negative consequences.


I may speculate elsewhere about who knew what & why before the recent  
publication.


Thank you!

P.
(Peter Schweitzer)


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Re: AES, RC4

2009-08-02 Thread Joseph Ashwood

-
From: PETER SCHWEITZER pe...@infosecsys.com
Subject: AES, RC4

Referring to your note of August 1: I haven't found anything about 
breaking RC4 if used with a newly randomly generated key (unrelated to 
any others) for every communication session. I would appreciate being 
enlightened!


If a completely unrelated new key is used, and the key has sufficient 
entropy, and it isn't used for too long, and the entropy of the key is 
fairly smoothly distributed, and the first several bytes are discarded, and 
I'm probably missing a couple of requirements, then RC4 is reasonably 
secure. On the other hand, using AES-128 in CTR mode, the key requires 
sufficient entropy. That is the difference; in particular, making sure 
the RC4 keys are truly unrelated is continually difficult.


Is your partly negative recommendation for AES ("...for most new protocol 
purposes") to do with the recent related-key attack? Which I would 
certainly agree is very disquieting, even though, as you say, it  has no 
current negative consequences.


The last few weeks have not been kind to AES-256: a couple of new attacks, the 
related key on the full structure, and the more recent significant erosion 
in other areas. Like I said, not enough to force an immediate retirement; 
AES-256 remains functionally secure, but the argument for usage is getting 
more difficult. AES-256 seems to be no more secure than AES-128, and is 
slower.
Joe


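Both messages above touch on the same practical point: RC4's early keystream is biased, so a deployment has to discard the initial output (Peter's remark about throwing away the initial parts of the stream, and Joe's "the first several bytes are discarded" requirement). The following C program is an added example, not code from either poster or from the list; it implements RC4 from the public description and measures the best-known of those biases, the Mantin-Shamir result that the second keystream byte is 0 about twice as often as chance, over many fresh, unrelated 128-bit keys. It then repeats the measurement after dropping the first 256 bytes, where the bias is gone. The keys come from a small xorshift generator that is a constructed stand-in for a real CSPRNG (an assumption of the example, chosen only so the run is reproducible); the function name `second_byte_zero_bias` and the 200000-key sample size are likewise the example's own choices.

```c
/* Added example (not from the thread): measure the Mantin-Shamir bias in
 * RC4's second output byte over many independent random keys, and show
 * that it disappears once the initial keystream bytes are discarded. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RC4 key-scheduling algorithm (KSA): derives the permutation S from key. */
static void rc4_ksa(uint8_t S[256], const uint8_t *key, size_t keylen)
{
    for (int i = 0; i < 256; i++) S[i] = (uint8_t)i;
    uint8_t j = 0;
    for (int i = 0; i < 256; i++) {
        j = (uint8_t)(j + S[i] + key[i % keylen]);
        uint8_t t = S[i]; S[i] = S[j]; S[j] = t;
    }
}

/* RC4 pseudo-random generation algorithm (PRGA): emits nbytes of keystream
 * after silently discarding the first `discard` bytes. */
static void rc4_keystream(uint8_t S[256], size_t discard, uint8_t *out, size_t nbytes)
{
    uint8_t i = 0, j = 0;
    for (size_t n = 0; n < discard + nbytes; n++) {
        i = (uint8_t)(i + 1);
        j = (uint8_t)(j + S[i]);
        uint8_t t = S[i]; S[i] = S[j]; S[j] = t;
        uint8_t z = S[(uint8_t)(S[i] + S[j])];
        if (n >= discard) out[n - discard] = z;
    }
}

/* Constructed key source: xorshift64* with a fixed seed. A real protocol
 * would take session keys from the OS CSPRNG; here the only requirement is
 * that keys are uniform and mutually unrelated, and that the run repeats. */
static uint64_t rng_state;
static uint64_t rng_next(void)
{
    uint64_t x = rng_state;
    x ^= x >> 12; x ^= x << 25; x ^= x >> 27;
    rng_state = x;
    return x * 0x2545F4914F6CDD1DULL;
}

/* Returns Pr[second emitted keystream byte == 0] * 256, estimated over
 * `nkeys` fresh 128-bit keys after discarding `discard` initial bytes.
 * 1.0 means the byte looks uniform; 2.0 is the Mantin-Shamir bias. */
double second_byte_zero_bias(unsigned nkeys, size_t discard)
{
    rng_state = 0x9E3779B97F4A7C15ULL;   /* reset so every call is reproducible */
    unsigned zeros = 0;
    for (unsigned k = 0; k < nkeys; k++) {
        uint8_t key[16];
        for (int b = 0; b < 16; b += 8) {
            uint64_t r = rng_next();
            memcpy(key + b, &r, 8);
        }
        uint8_t S[256], ks[2];
        rc4_ksa(S, key, sizeof key);
        rc4_keystream(S, discard, ks, sizeof ks);
        if (ks[1] == 0) zeros++;
    }
    return 256.0 * zeros / nkeys;
}

int main(void)
{
    printf("raw stream, byte 2 == 0, relative to uniform:   %.2f\n",
           second_byte_zero_bias(200000, 0));
    printf("after dropping 256 bytes, byte 258 == 0:        %.2f\n",
           second_byte_zero_bias(200000, 256));
    return 0;
}
```

The first figure comes out close to 2.0 and the second close to 1.0. The experiment uses a fresh, unrelated key for every sample, which is exactly the favourable case Peter asks about, so the bias it exposes is a property of the cipher's start-up rather than of any key relationship; related keys (e.g. an IV prepended to a fixed secret) make matters considerably worse and are not modelled here.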