
Re: Cryptanalysis of RC4 - Preliminary Results (Repeat)



At 01:01 PM 9/29/95 S, Andrew Roos <[email protected]> wrote:
>(This is a repeat because I posted the original 36 hours ago and it still   
>hasn't bounced back to me.)
Hmmm - I got it yesterday, so it did go out.

>The attack is based on two particularly interesting three-byte key
>prefixes which have a high probability of producing PRNG sequences
>which start with a known two-byte sequence. The prefixes are:
>1.  Keys starting with "00 00 FD" which have a 14% probability of
>    generating sequences which start "00 00".
>2.  Keys starting with "03 FD FC" which have a 5% probability of
>    generating sequences which start "FF 03".
[much interesting work deleted]

It sounds like any application using RC4 with random session keys
should start by testing session keys and rejecting any that
start with 00 00 or 03 FD; it means doing 2**-15 more random key
generations, and reducing the brute-force space by 2**-15,
but it's a pretty small reduction.
#---
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---