Re: 64 bit crypto
John A. Limpert says:
> Why would the attacker need to run the key setup 65536 times?
I could have been more clear.
Forgive a little bit of code...
Here is the beginning of the alleged RC4:
    for(counter = 0; counter < 256; counter++)
        state[counter] = counter;
    index2 = 0;
    key->x = key->y = index1 = index2 = 0;
    for(counter = 0; counter < 256; counter++)
    {
        index2 = (key_data_ptr[index1] + state[counter] + index2) % 256;
        swap_byte(&state[counter], &state[index2]);
        index1 = (index1 + 1) % key_data_len;
    }
If it was changed to
    for(counter = 0; counter < 256; counter++)
        state[counter] = counter;
    key->x = key->y = index1 = index2 = 0;
    for(i = 0; i < 65536; i++) { /* stir the pot a long time */
        for(counter = 0; counter < 256; counter++)
        {
            index2 = (key_data_ptr[index1] + state[counter] + index2) % 256;
            swap_byte(&state[counter], &state[index2]);
            index1 = (index1 + 1) % key_data_len;
        }
    }
Then the prepare_key routine would take much much longer.
The idea is that a 64 bit crypto routine can be arbitrarily
secure against brute-forcing, if you are willing to pay a
runtime penalty every time you use it.
thad
-- Thaddeus Beier email: [email protected]
Technology Development vox: 408) 286-3376
Hammerhead Productions fax: 408) 292-8624
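The trade-off described in the post, as an added example that is not the alleged-RC4 source quoted above nor Thaddeus Beier's code: a self-contained RC4 with a `passes` parameter on the key schedule (a hypothetical name; `passes == 1` is plain RC4, larger values repeat the stirring loop as the post proposes). The key-setup routine returns the number of state swaps it performed, which is the work a brute-force search must redo for every candidate key, and the standard case is checked against the published RC4 test vector (key "Key", plaintext "Plaintext", ciphertext BBF316E8D940AF0AD3).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical context type for this example (not from the quoted source). */
typedef struct {
    uint8_t state[256];
    uint8_t x, y;
} rc4_ctx;

static void swap_byte(uint8_t *a, uint8_t *b) { uint8_t t = *a; *a = *b; *b = t; }

/* Key schedule run `passes` times over the state ("stir the pot").
 * Returns the number of swaps performed: the per-candidate cost that a
 * brute-force attacker has to pay, which grows linearly with `passes`. */
unsigned long rc4_prepare_key(rc4_ctx *key, const uint8_t *key_data,
                              size_t key_len, unsigned long passes)
{
    unsigned long swaps = 0;
    unsigned index1 = 0, index2 = 0;
    for (unsigned counter = 0; counter < 256; counter++)
        key->state[counter] = (uint8_t)counter;
    key->x = key->y = 0;
    for (unsigned long pass = 0; pass < passes; pass++) {
        for (unsigned counter = 0; counter < 256; counter++) {
            index2 = (key_data[index1] + key->state[counter] + index2) % 256;
            swap_byte(&key->state[counter], &key->state[index2]);
            index1 = (index1 + 1) % key_len;
            swaps++;
        }
    }
    return swaps;
}

/* Standard RC4 keystream generator, XORed into buf in place. */
void rc4_crypt(rc4_ctx *key, uint8_t *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        key->x = (uint8_t)(key->x + 1);
        key->y = (uint8_t)(key->y + key->state[key->x]);
        swap_byte(&key->state[key->x], &key->state[key->y]);
        buf[i] ^= key->state[(uint8_t)(key->state[key->x] + key->state[key->y])];
    }
}

/* Encrypt the published test vector (key "Key", plaintext "Plaintext") with
 * the given pass count; writes the ciphertext as uppercase hex into hex_out
 * (at least 19 bytes) and returns the swap count from key setup. */
unsigned long demo(unsigned long passes, char *hex_out)
{
    rc4_ctx ctx;
    uint8_t buf[9];
    memcpy(buf, "Plaintext", 9);
    unsigned long swaps = rc4_prepare_key(&ctx, (const uint8_t *)"Key", 3, passes);
    rc4_crypt(&ctx, buf, 9);
    for (int i = 0; i < 9; i++)
        sprintf(hex_out + 2 * i, "%02X", buf[i]);
    return swaps;
}

/* 1 if a single pass reproduces the known RC4 ciphertext, else 0. */
int standard_matches_vector(void)
{
    char hex[32];
    demo(1, hex);
    return strcmp(hex, "BBF316E8D940AF0AD3") == 0;
}

/* Swaps needed for key setup with `passes` passes (256 per pass). */
unsigned long setup_swaps(unsigned long passes)
{
    char hex[32];
    return demo(passes, hex);
}

/* 1 if the stretched schedule yields a different ciphertext than plain RC4. */
int stretched_differs(unsigned long passes)
{
    char a[32], b[32];
    demo(1, a);
    demo(passes, b);
    return strcmp(a, b) != 0;
}

int main(void)
{
    char hex[32];
    unsigned long passes[] = { 1, 65536 };
    for (int i = 0; i < 2; i++) {
        unsigned long swaps = demo(passes[i], hex);
        printf("passes=%lu swaps=%lu ciphertext=%s\n", passes[i], swaps, hex);
    }
    return 0;
}
```

Each key candidate costs 256 * passes swaps, so 65536 passes makes every guess about sixteen million swaps instead of 256, and the legitimate user pays the same price once per key setup; the keystream itself is produced at the usual speed once setup is done.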