From: "Mark M." <markm@voicenet.com>
Date: Mon, 1 Jul 1996 15:46:13 +0800
To: Steve Reid <root@edmweb.com>
Subject: Re: arcfour
In-Reply-To: <Pine.BSF.3.91.960629210817.626B-100000@bitbucket.edmweb.com>
Message-ID: <Pine.LNX.3.94.960630163919.827C-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain


-----BEGIN PGP SIGNED MESSAGE-----

On Sat, 29 Jun 1996, Steve Reid wrote:

> A few questions about RC4...
> 
> I understand that RC4 is like a one-time-pad, in that a key can not be
> used more than once. What about adding a different salt to the key for
> each encryption? Would that be sufficent, even if the salt (but not the
> rest of the key) were known to an attacker? 

Probably.  
> 
> Is there any way to identify and weed out weak keys?

Keys starting with the sequence "00 00 FD", and "03 FD FC" are weak.

> 
> Does anyone have any sample data I can use to test an RC4 implementation?
> A key and the first few bytes of the stream should be sufficent. 

There are a few test vectors included in the original alleged-RC4 file
available on the usual crypto FTP sites.

- -- Mark

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com              | finger -l for PGP key 0xe3bf2169
http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348
"Freedom is the freedom to say that two plus two make four.  If that
is granted, all else follows."  --George Orwell, _1984_


-----BEGIN PGP SIGNATURE-----
Version: 2.6.3
Charset: noconv

iQCVAwUBMdbm/LZc+sv5siulAQHksQP9GkdqWiJ7s2ST4QF9ZwcFtFxzTk/PJskh
ReNuvXEmWFChkP0AVHJq8USFJDL4CuN4GI7d3sQpn+2HjFw+bcklCuH9zJrret2Y
mD7boKcYhzvi/abaKY9FF9/BNtC33yahrjhEIxYFx6QNTLGM9KCjBZIG7/sOAQvq
aMSYbfVhvz8=
=cgR3
-----END PGP SIGNATURE-----