1994-11-19 - Verifying RC4

Header Data

From: gnu
To: cypherpunks
Message Hash: 6ddc4a003ee0053d2eff8a10a0803f2b6b473d73ac6cef9752bcc3cc61639d34
Message ID: <9411191104.AA12123@toad.com>
Reply To: <199411170043.QAA04438@comsec.com>
UTC Datetime: 1994-11-19 11:04:17 UTC
Raw Date: Sat, 19 Nov 94 03:04:17 PST

Raw message

From: gnu
Date: Sat, 19 Nov 94 03:04:17 PST
To: cypherpunks
Subject: Verifying RC4
In-Reply-To: <199411170043.QAA04438@comsec.com>
Message-ID: <9411191104.AA12123@toad.com>
MIME-Version: 1.0
Content-Type: text/plain

> "RC4" as used herein, is used to identify an apparently reverse-engineered
> algorithm recently posted to sci.crypt that claimed it was compatible with
> the RC4 sold by RSA Data Security, Inc. (RSADSI) and/or Public Key Partners
> (PKP).  Although the reaction of RSADSI and the press indicates that the two
> algorithms are the same, I could have missed something.

I suggest that someone apply for expedited export permission for some
small piece of software that uses the "apparent reverse-engineered
RC4".  Tell them that you want to export crypto software containing
RC4 on the 7-day plan.  The State Department will send you a set of
test-vectors which you can use to prove that you're really using the
real RC4.  If you pass, and are given export permission, then I guess
the rev-eng version is the real thing.  Be sure your keys are 40 bits
or less (only for purposes of the test export; I don't recommend short
keys for any other purpose).

Full bureaucratic details are at ftp://ftp.cygnus.com/pub/export/cjr.kit.
Search for "test vector".  This info is also reachable from my Web
page on crypto export, http://www.cygnus.com/~gnu/export.html.

Please email me a full copy of any CJ that you submit, so I can add it
to the Web page (along with the eventual response from the gov't).

	John Gilmore