From: raph@netcom.com (Raph Levien)
To: cypherpunks@toad.com
Message Hash: 2a1ff1f935e323e190ed111e416a8dee71ea96d85df261ca223843c1d3a8af60
Message ID: <199412131931.LAA27397@netcom9.netcom.com>
Reply To: N/A
UTC Datetime: 1994-12-13 19:32:16 UTC
Raw Date: Tue, 13 Dec 94 11:32:16 PST
From: raph@netcom.com (Raph Levien)
Date: Tue, 13 Dec 94 11:32:16 PST
To: cypherpunks@toad.com
Subject: Re: More 40-bit RC4 nonsense
Message-ID: <199412131931.LAA27397@netcom9.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain
Sticking my foot in my mouth, I wrote:
> If I recall correctly, the first byte out of the RC4 stream has
> about a 40% chance of being the first byte of the key. Thus, if the
Wrong. It _is_ true that the first byte of the key has a 40%
probability of being the first byte of the initial state vector. It is
_not_ true that the first byte of the initial state vector is the
first byte out of the RC4 stream. Next time I will check the (alleged)
source code before making a fool of myself.
Thus, my attack shortcut will not work.
Kipp Hickman informs me that the salt is concatenated with the secret
part in such a way that the secret portion is least significant. This
seems wise because of the key/statevector characteristic, but wouldn't
make too much difference either way in practice.
Sorry for the confusion.
Raph
Return to December 1994
Return to “raph@netcom.com (Raph Levien)”
1994-12-13 (Tue, 13 Dec 94 11:32:16 PST) - Re: More 40-bit RC4 nonsense - raph@netcom.com (Raph Levien)