[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Verifying RC4
> "RC4" as used herein, is used to identify an apparently reverse-engineered
> algorithm recently posted to sci.crypt that claimed it was compatible with
> the RC4 sold by RSA Data Security, Inc. (RSADSI) and/or Public Key Partners
> (PKP). Although the reaction of RSADSI and the press indicates that the two
> algorithms are the same, I could have missed something.
I suggest that someone apply for expedited export permission for some
small piece of software that uses the "apparent reverse-engineered
RC4". Tell them that you want to export crypto software containing
RC4 on the 7-day plan. The State Department will send you a set of
test-vectors which you can use to prove that you're really using the
real RC4. If you pass, and are given export permission, then I guess
the rev-eng version is the real thing. Be sure your keys are 40 bits
or less (only for purposes of the test export; I don't recommend short
keys for any other purpose).
Full bureaucratic details are at ftp://ftp.cygnus.com/pub/export/cjr.kit.
Search for "test vector". This info is also reachable from my Web
page on crypto export, http://www.cygnus.com/~gnu/export.html.
Please email me a full copy of any CJ that you submit, so I can add it
to the Web page (along with the eventual response from the gov't).
John Gilmore