
Re: thoughts on RC4

On Thu, 15 Sep 1994, Bill Sommerfeld wrote:

> > I wonder if the NSA would approve it?  I think it was Bill Sommerfeld
> > who pointed out that it was a little curious that NSA approves RC4 with a
> > 40 bit key when hardware-assisted search like the DES key cracker would
> > appear to be impractical.
> Actually, I'm not sure that it's that impractical, but I don't know a
> heck of a lot about VLSI or hardware design.  A fully pipelined chip
> would require significantly more chip area than the DES cracker,
> but you probably don't need that.  I'm pretty sure you could make a
> blazingly fast, non-pipelined, chip with a "key setup" unit and then a
> "trial encrypt" unit which run in parallel; you clock the key setup
> unit 256 times to set up the key, then the key gets fed to the trial
> encrypt unit where it gets tried against the known
> plaintext/ciphertext pair..

Don't forget the precomputation attack.  The key setup only has to be done
2^40 times, ever.  The initial state of the stream cipher can be stored on
a set of tapes that are read in parallel to perform the brute force
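
The split between a "key setup" unit and a "trial encrypt" unit, and the stored initial states mentioned above, shown as an added example that is not part of the original message or thread. The 12-bit toy key space, the function names and the sample strings are assumptions made so it runs in seconds.

```python
# Added illustration: RC4 split into key setup and keystream generation.
# The 12-bit key space and all sample values are constructed for the demo.

def key_setup(key: bytes) -> bytes:
    """RC4 key schedule: 256 steps, output depends on the key alone."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return bytes(s)

def keystream(state: bytes, n: int) -> bytes:
    """Generate n keystream bytes from a stored initial state."""
    s, i, j, out = list(state), 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def rc4(key: bytes, data: bytes) -> bytes:
    ks = keystream(key_setup(key), len(data))
    return bytes(d ^ k for d, k in zip(data, ks))

def table_bytes(key_bits: int) -> int:
    """Storage for one 256-byte initial state per possible key."""
    return (1 << key_bits) * 256

TOY_BITS = 12  # assumption: shrunk from 40 bits so the demo runs in seconds

def toy_key(k: int) -> bytes:
    return k.to_bytes(2, "big")

def build_table() -> list:
    """Done once: key setup for every key in the toy key space."""
    return [key_setup(toy_key(k)) for k in range(1 << TOY_BITS)]

def search(table, plain: bytes, cipher: bytes):
    """Per message: no key setup, only a short keystream comparison."""
    want = bytes(p ^ c for p, c in zip(plain, cipher))
    for k, state in enumerate(table):
        if keystream(state, len(want)) == want:
            return k
    return None

if __name__ == "__main__":
    table = build_table()
    ct = rc4(toy_key(0x5A3), b"constructed sample")
    print(hex(search(table, b"construc", ct)), table_bytes(40))
```

For a 40-bit key, `table_bytes(40)` comes to 2^48 bytes of stored state, which is the volume the tape set would have to hold.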