[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Cryptanalysis of RC4 - Preliminary Results (Repeat)

To: Andrew Roos <[email protected]>
Subject: Re: Cryptanalysis of RC4 - Preliminary Results (Repeat)
From: Bill Stewart <[email protected]>
Date: Fri, 29 Sep 1995 10:16:35 -0700
Cc: [email protected]
Sender: [email protected]

At 01:01 PM 9/29/95 S, Andrew Roos <[email protected]> wrote:
>(This is a repeat because I posted the original 36 hours ago and it still   
>hasn't bounced back to me.)
Hmmm - I got it yesterday, so it did go out.

>The attack is based on two particularly interesting three-byte key
>prefixes which have a high probability of producing PRNG sequences
>which start with a known two-byte sequence. The prefixes are:
>1.  Keys starting with "00 00 FD" which have a 14% probability of
>    generating sequences which start "00 00".
>2.  Keys starting with "03 FD FC" which have a 5% probability of
>    generating sequences which start "FF 03".
[much interesting work deleted]

It sounds like any application using RC4 with random session keys
should start by testing session keys and rejecting any that
start with 00 00 or 03 FD; it means doing 2**-15 more random key
generations, and reducing the brute-force space by 2**-15,
but it's a pretty small reduction.
#---
# Bill Stewart, Freelance Information Architect, [email protected]
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---

Follow-Ups:
- Re: Cryptanalysis of RC4 - Preliminary Results (Repeat)
  - From: [email protected] (Dr. Frederick B. Cohen)

Prev by Date: Re: Hack Microsoft
Next by Date: Re: Q&A on the RSA/Cylink legal dispute
Prev by thread: Cryptanalysis of RC4 - Preliminary Results (Repeat)
Next by thread: Re: Cryptanalysis of RC4 - Preliminary Results (Repeat)
Index(es):
- Date
- Thread