Re: More 40-bit RC4 nonsense
Raph Levien writes:
> If I recall correctly, the first byte out of the RC4 stream has
> about a 40% chance of being the first byte of the key. Thus, if the
> 40-bit "secret" part of the key is the _beginning_ of the full 128-bit
> key, then the keyspace is effectively reduced by about seven bits,
> meaning that I would be able to crack a key on my PC in a couple of
> days or so.
>
> Of course, if the "clear" 88 bits went first, there would be no
> advantage whatsoever. The SSL document very carefully does not say
> how they combine the two key parts to form the 128-bit key. Does
> anyone know?
Why did the NSA require that an application using the Sapphire Stream Cipher
be limited to a _32-bit_ session key instead of the well-known _40-bit_
limit for RC4? I wonder if there are other key bit leaks that cover the other
60%?
Hmmm....
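
The leak discussed in this thread can be measured directly. The following is an added example, not part of the original messages: it runs RC4 over random 128-bit keys and reports how often key[0] equals the first keystream byte and, separately, how often it equals the first state-table entry after key setup. The key length, trial count and seed are assumptions chosen for the example.

```python
import random

def ksa(key):
    """RC4 key scheduling: return the 256-entry state table for `key`."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    return s

def first_output_byte(state):
    """Run one PRGA step on a copy of `state`; return the first keystream byte."""
    s = state[:]
    i = 1                      # i starts at 0 and is incremented before use
    j = s[i]                   # j starts at 0, so j = S[1]
    s[i], s[j] = s[j], s[i]
    return s[(s[i] + s[j]) % 256]

def measure(trials=4000, key_len=16, seed=1995):
    """Return (P[first keystream byte == key[0]], P[S[0] == key[0]]).

    Keys are constructed at random; trials, key_len and seed are
    assumptions of this example, not values from the thread.
    """
    rng = random.Random(seed)
    out_hits = state_hits = 0
    for _ in range(trials):
        key = [rng.randrange(256) for _ in range(key_len)]
        s = ksa(key)
        state_hits += (s[0] == key[0])
        out_hits += (first_output_byte(s) == key[0])
    return out_hits / trials, state_hits / trials

# KSA step i=0 always sets S[0] = key[0]; the value survives only if j
# never lands on index 0 in the remaining 255 steps.
EXPECTED_STATE_RATE = (255 / 256) ** 255    # about 0.37

if __name__ == "__main__":
    out_rate, state_rate = measure()
    print(f"first keystream byte == key[0]: {out_rate:.4f} (uniform: {1/256:.4f})")
    print(f"S[0] after key setup == key[0]: {state_rate:.4f} "
          f"(expected: {EXPECTED_STATE_RATE:.4f})")
```

The two rates answer different questions: the state-table figure describes RC4's internal table, which an observer of ciphertext does not see, while the keystream figure is what is visible on the wire.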