
Re: More 40-bit RC4 nonsense



Sticking my foot in my mouth, I wrote:

>    If I recall correctly, the first byte out of the RC4 stream has
> about a 40% chance of being the first byte of the key. Thus, if the

Wrong. It _is_ true that the first byte of the key has a 40%
probability of being the first byte of the initial state vector. It is
_not_ true that the first byte of the initial state vector is the
first byte out of the RC4 stream. Next time I will check the (alleged)
source code before making a fool of myself.

Thus, my attack shortcut will not work.

Kipp Hickman informs me that the salt is concatenated with the secret
part in such a way that the secret portion is least significant. This
seems wise because of the key/statevector characteristic, but wouldn't
make too much difference either way in practice.

Sorry for the confusion.

Raph