[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RC4 improvement idea

To: [email protected]
Subject: Re: RC4 improvement idea
From: [email protected] (David Wagner)
Date: 9 Apr 1996 02:57:33 -0700
Newsgroups: isaac.lists.cypherpunks
Organization: ISAAC Group, UC Berkeley
References: <[email protected]>
Sender: [email protected]

In article <[email protected]>,
 <[email protected]> wrote:
> At 12:01 PM 4/5/96 -0500, Jack Mott wrote:
> >I got a paper from the cryptography technical report server  
> >"http://www.itribe.net/CTRS/" about a weak class of RC4 keys.
> 
> The report was bogus:
> 
> For one key in 256, you can tell what eight bits of the state box are.  
> For one key in 64000 you can tell what sixteen bits of the state box are, 
> and so on and so forth.
> 
> Such keys are not weak.

No, the report was right: the weak keys are real.

For one key in 256, you have a 13.6% chance of recovering 16 bits of
the original key.

On average, the work factor per key recovered is reduced by a factor
of 35 (i.e. the effective keylength is reduced by 5.1 bits) by using
this class of weak keys.
	- quoting from the report

I've experimentally confirmed this effect myself.  Andrew Roos did
some good work.

Take care,
-- Dave Wagner

References:
- Re: RC4 improvement idea
  - From: [email protected]

Prev by Date: Re: Bulletin: Cypherpunks say no taxes owed by moneychangers!
Next by Date: Re: Australia's New South Wales tries net-censorship
Prev by thread: Re: RC4 improvement idea
Next by thread: Re: RC4 improvement idea
Index(es):
- Date
- Thread