From: mpjohnso@nyx10.cs.du.edu (Michael Johnson)
To: cypherpunks@toad.com
Message Hash: 9e9c3f15fc4e0e062bea01df617d946bcee77e11f61dc42ed81761d6f9f15ab4
Message ID: <9412132159.AA08756@nyx10.cs.du.edu>
Reply To: <199412131742.JAA27330@netcom5.netcom.com>
UTC Datetime: 1994-12-13 22:00:18 UTC
Raw Date: Tue, 13 Dec 94 14:00:18 PST
From: mpjohnso@nyx10.cs.du.edu (Michael Johnson)
Date: Tue, 13 Dec 94 14:00:18 PST
To: cypherpunks@toad.com
Subject: Re: More 40-bit RC4 nonsense
In-Reply-To: <199412131742.JAA27330@netcom5.netcom.com>
Message-ID: <9412132159.AA08756@nyx10.cs.du.edu>
MIME-Version: 1.0
Content-Type: text/plain
Raph Levien writes:
> If I recall correctly, the first byte out of the RC4 stream has
>about a 40% chance of being the first byte of the key. Thus, if the
>40-bit "secret" part of the key is the _beginning_ of the full 128-bit
>key, then the keyspace is effectively reduced by about seven bits,
>meaning that I would be able to crack a key on my PC in a couple of
>days or so.
> Of course, if the "clear" 88 bits went first, there would be no
>advantage whatsoever. The SSL document very carefully does not say
>how they combine the two key parts to form the 128-bit key. Does
>anyone know?
Why did the NSA require that an application using the Sapphire Stream Cipher
be limited to a _32-bit_ session key instead of the well-known _40-bit_
limit for RC4? I wonder if there are other key bit leaks that cover the other
60%?
Hmmm....
Return to December 1994
Return to “raph@netcom.com (Raph Levien)”