1996-07-31 - Re: Paranoid Musings

Header Data

From: “Mark M.” <markm@voicenet.com>
To: cypherpunks@toad.com
Message Hash: 43e7a5135956f6eaef96b5f51f9cb4f098adaac0cce25766c06def877f578ea2
Message ID: <Pine.LNX.3.95.960730184416.879A-100000@gak>
Reply To: <199607301811.LAA28373@netcom7.netcom.com>
UTC Datetime: 1996-07-31 03:45:04 UTC
Raw Date: Wed, 31 Jul 1996 11:45:04 +0800

Raw message

From: "Mark M." <markm@voicenet.com>
Date: Wed, 31 Jul 1996 11:45:04 +0800
To: cypherpunks@toad.com
Subject: Re: Paranoid Musings
In-Reply-To: <199607301811.LAA28373@netcom7.netcom.com>
Message-ID: <Pine.LNX.3.95.960730184416.879A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Tue, 30 Jul 1996, Bill Frantz wrote:

> (1) Now everyone knows that 40 bit RC4 is weak, but just how weak is it? 
> We know that a university CS student can break one message in a week using
> the university's farm of workstations.  But, our foremost reputation agency
> for crypto strength, the ITAR, allows systems with RC4-40 to be exported. 
> What does this mean?
> 
> I combine the above with Whit Diffie's observation that, while crypto users
> are interested in the security of *each* message, organizations which
> monitor communications want to read *every* message.  A TLA interested in
> monitoring communications would need to crack RC4-40 much faster than
> 1/week.
> 
> Now expensive specialized cracking equipment can certainly speed up the
> process, but there may be a better way.  If cryptanalysis of RC4 yields
> techniques which make the process much easier, then it is the ideal cypher
> to certify for export.
> 
> The paranoid conclusion is that there is a significant weakness in RC4.

An FPGA can break RC4 in a few hours.  With several thousand of these, RC4
could be broken in about a second.  Besides, RC4 has been around for 9 years
and has not been successfully cryptanalyzed.  The RC4 algorithm is extremely
simple and doesn't have any obvious weaknesses.

- -- Mark

PGP encrypted mail preferred
Key fingerprint = d61734f2800486ae6f79bfeb70f95348
http://www.voicenet.com/~markm/  


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMf6RNLZc+sv5siulAQH/mQP9G+J/7BnV0AlvvPph032k9SnZ8/hCOqNp
aGV3WScE0FhCqtlmazDa8xopWWX1jSd2ZEhJLthQ0k70QUkKPD+gOteLr3075kan
vTLOr2l4pP9b0AP20Wclw/upZ04QWgfF/YrIcSTHgwcvuxBlR49DKp/zqRcVLmaM
iW/D3AwSYJQ=
=GvZ2
-----END PGP SIGNATURE-----
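
An added example, not part of the original message or any poster's code: a minimal RC4 in Python with a known-plaintext key search over a reduced keyspace, showing how per-key cost and machine count translate into the time to sweep a full 40-bit keyspace. The sample key, the plaintext, the 12-bit unknown portion and the function names are constructed for illustration.

```python
import time

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4: key schedule (KSA), then keystream (PRGA) XORed with data."""
    S = list(range(256))
    j = 0
    for i in range(256):                          # KSA: key-dependent shuffle
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for b in data:                                # PRGA: one keystream byte per input byte
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def search(ciphertext: bytes, known: bytes, key_prefix: bytes, unknown_bits: int):
    """Known-plaintext search over the trailing `unknown_bits` of the key.
    Returns (key or None, number of keys tried)."""
    width = (unknown_bits + 7) // 8
    head = ciphertext[:len(known)]
    for guess in range(1 << unknown_bits):
        key = key_prefix + guess.to_bytes(width, "big")
        if rc4(key, head) == known:
            return key, guess + 1
    return None, 1 << unknown_bits

def full_search_seconds(keys_per_second: float, machines: int = 1, key_bits: int = 40) -> float:
    """Worst-case time to sweep the whole keyspace; the work divides evenly across machines."""
    return (1 << key_bits) / (keys_per_second * machines)

# Constructed sample: a 40-bit key of which only the last 12 bits are treated as
# unknown, so the demo finishes quickly in pure Python.
DEMO_KEY = bytes.fromhex("13370c0abc")
DEMO_CT = rc4(DEMO_KEY, b"Subject: Re: Paranoid Musings")

if __name__ == "__main__":
    start = time.perf_counter()
    key, tried = search(DEMO_CT, b"Subject: ", DEMO_KEY[:3], 12)
    rate = tried / (time.perf_counter() - start)
    print(f"recovered {key.hex()} after {tried} keys, {rate:,.0f} keys/s")
    for n in (1, 1000):
        print(f"{n} machine(s): {full_search_seconds(rate, n) / 86400:,.1f} days for 2^40")
```

The rate printed is whatever the local interpreter achieves; the search time scales inversely with both the per-key rate and the number of machines.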




