[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RSA's comments on RC4 weak keys



        Well, I seem to be falling into the role of spokesperson
for RSA on the net.  It gives me something to do other than
design reviews and programming.  Here is our response to the 
excellent work that Andrew Roos has been doing on RC4.  I am
glad that people are looking at RC4 critically.
                --Bob


-----------------------------
September 29, 1995 statement from RSADSI


RSA Data Security Inc. has been following the emerging
reports of a weakness in certain keys for the RC4 cipher.
RSADSI's researchers have been aware of this particular
property of the RC4 cipher for over a year.   Most ciphers
have a property whereby an enormous amount of known
plaintext will provide a slight reduction in exhaustive key
searching.  The linear cryptanalysis of the DES cipher is an
well known example of this.   Limitations like this in the
underlying ciphers are addressed by following sound advice
on the design of the overall cryptographic system.

Products that include RC4 from RSADSI are not compromised by
this attack.  Companies that license the BSafe cryptography
toolkit have always been given advice that overcomes this
limitation of the RC4 cipher, and this is true even for
products that were built >before< this specific problem was
discovered by the researchers at RSADSI.   These researchers
also monitor all developments in the field of cryptography
and cryptanalysis so they can keep RSADSI's customers
appraised relevant developments.