1994-12-13 - More 40-bit RC4 nonsense

Header Data

From: raph@netcom.com (Raph Levien)
To: cypherpunks@toad.com
Message Hash: 8cdfa0a0b250905a79061ce7c7bc42de022c22175b9f48bff4d4ae9d46190deb
Message ID: <199412131742.JAA27330@netcom5.netcom.com>
Reply To: N/A
UTC Datetime: 1994-12-13 17:49:01 UTC
Raw Date: Tue, 13 Dec 94 09:49:01 PST

Raw message

From: raph@netcom.com (Raph Levien)
Date: Tue, 13 Dec 94 09:49:01 PST
To: cypherpunks@toad.com
Subject: More 40-bit RC4 nonsense
Message-ID: <199412131742.JAA27330@netcom5.netcom.com>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

   If I recall correctly, the first byte out of the RC4 stream has
about a 40% chance of being the first byte of the key. Thus, if the
40-bit "secret" part of the key is the _beginning_ of the full 128-bit
key, then the keyspace is effectively reduced by about seven bits,
meaning that I would be able to crack a key on my PC in a couple of
days or so.
   Of course, if the "clear" 88 bits went first, there would be no
advantage whatsoever. The SSL document very carefully does not say
how they combine the two key parts to form the 128-bit key. Does
anyone know?

Raph

-----BEGIN PGP SIGNATURE-----
Version: 2.6

iQCVAwUBLu3cI/4BfQiT0bDNAQEToQQAtcy2v0sBd+g5GBrm+Pa1AykqS4tTctfu
EYga7kPry4wvGmI7/HpD+SVVDQRcJe+O9CxH9cpvRgBRIBhyvsFXVBSTW0OTJgXb
1bYh5qerD5J/gXAs0XWIp0+Hj8GqeTIRkFTseU4MDcDfQ7tOSEFvul97iSNYIytX
AMkmAEmMXxU=
=S80T
-----END PGP SIGNATURE-----





Thread