1994-09-15 - Re: thoughts on RC4

Header Data

From: “Perry E. Metzger” <perry@imsi.com>
To: Mike Johnson second login <exabyte!gedora!mikej2@uunet.uu.net>
Message Hash: a5aecfbc5c040c9ee29f61ea072fba0bffd496fbc7393d1694ae3a6737f9c9d1
Message ID: <9409152250.AA05600@snark.imsi.com>
Reply To: <Pine.3.89.9409151639.A26111-0100000@gedora>
UTC Datetime: 1994-09-15 22:50:59 UTC
Raw Date: Thu, 15 Sep 94 15:50:59 PDT

Raw message

From: "Perry E. Metzger" <perry@imsi.com>
Date: Thu, 15 Sep 94 15:50:59 PDT
To: Mike Johnson second login <exabyte!gedora!mikej2@uunet.uu.net>
Subject: Re: thoughts on RC4
In-Reply-To: <Pine.3.89.9409151639.A26111-0100000@gedora>
Message-ID: <9409152250.AA05600@snark.imsi.com>
MIME-Version: 1.0
Content-Type: text/plain




Mike Johnson second login says:
> Don't forget the precomputation attack.  The key setup only has to be done
> 2^40 times, ever.  The initial state of the stream cipher can be stored on
> a set of tapes that are read in parallel to perform the brute force
> attack. 

You may be interested to know that the SPA/NSA agreement covered this;
you are allowed to use a 40 bit "salt" that's appended to the key when
you use RC4 in an exported application provided the salt is sent along
with the message.

.pm
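
The salting scheme described in the reply above, as an added example that is not part of the original message: a 40-bit salt is appended to the 40-bit secret before RC4 key setup and sent in the clear, so the initial cipher state differs per message and a tape of states precomputed from the secret alone no longer matches. The function names and the salt-first wire layout are assumptions made for illustration.

```python
import os

SALT_LEN = 5  # 40-bit salt, sent along with the message


def rc4_ksa(key):
    """RC4 key setup: return the initial 256-entry permutation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_xor(key, data):
    """XOR data with the RC4 keystream for key (encrypts and decrypts)."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(b ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def encrypt(secret, plaintext, salt=None):
    """Return salt || RC4(secret || salt, plaintext); layout is assumed."""
    if salt is None:
        salt = os.urandom(SALT_LEN)
    if len(salt) != SALT_LEN:
        raise ValueError("salt must be 40 bits")
    return salt + rc4_xor(secret + salt, plaintext)


def decrypt(secret, message):
    """Split off the clear-text salt and rebuild the same 80-bit RC4 key."""
    if len(message) < SALT_LEN:
        raise ValueError("message shorter than salt")
    salt, body = message[:SALT_LEN], message[SALT_LEN:]
    return rc4_xor(secret + salt, body)


if __name__ == "__main__":
    secret = bytes.fromhex("0102030405")  # constructed 40-bit secret
    a = encrypt(secret, b"same plaintext")
    b = encrypt(secret, b"same plaintext")
    print(a.hex(), b.hex(), decrypt(secret, a), sep="\n")
```

The secret portion is still only 40 bits, so the salt does not raise the cost of searching the keyspace for a single message; it only prevents one stored set of key-setup results from being reused across messages.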
