[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: alleged-RC4
I agree; this cypher should definitely be handed a unique key each
time it is used.
However, you can do this pretty easily for file encryption, too..
Generate and store an "initialization vector" with each file of
cyphertext. Instead of passing the user key directly to RC4, you
instead pass a hash (MD5 or SHA) of the user key concatenated with the
IV.
If you don't have room to store the IV's, you could use some
position-dependant information (e.g., per disk ID plus disk block
number or file inode number) instead.
- Bill