[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Cryptanalysis of RC4 - Preliminary Results (Repeat)
...
> >The attack is based on two particularly interesting three-byte key
> >prefixes which have a high probability of producing PRNG sequences
> >which start with a known two-byte sequence. The prefixes are:
> >1. Keys starting with "00 00 FD" which have a 14% probability of
> > generating sequences which start "00 00".
> >2. Keys starting with "03 FD FC" which have a 5% probability of
> > generating sequences which start "FF 03".
> [much interesting work deleted]
>
> It sounds like any application using RC4 with random session keys
> should start by testing session keys and rejecting any that
> start with 00 00 or 03 FD; it means doing 2**-15 more random key
> generations, and reducing the brute-force space by 2**-15,
> but it's a pretty small reduction.
The problem is that if these keys are weak, there may be many others
that are also weak. In fact, by the time we explore all of the
weaknesses, we may find the system is no longer very strong at all.
--
-> See: Info-Sec Heaven at URL http://all.net
Management Analytics - 216-686-0090 - PO Box 1480, Hudson, OH 44236