RE: [Cfrg] Re: [saag] Bad day at the hash function factory

["Hallam-Baker, Phillip" <pbaker at verisign.com>]

Russ,

	I take your point, but a good cipher should be strong against
related key attacks, RC4 is not.

	A good cipher should be usable in black box mode without knowing the
details. That is how they are going to get used. 

	I think that if a cipher is going to have recommended then it should
not require expert knowledge to use it, it should be completely plug
replaceable for any other cipher in its class.

		Phill

> -----Original Message-----
> From: Russ Housley [mailto:housley at vigilsec.com]
> Sent: Thursday, August 26, 2004 4:16 PM
> To: Hallam-Baker, Phillip
> Cc: cfrg at ietf.org
> Subject: RE: [Cfrg] Re: [saag] Bad day at the hash function factory
> 
> 
> At 03:22 PM 8/26/2004, Hallam-Baker, Phillip wrote:
> >RC4 has related key weaknesses that make it a poor choice of
> >cipher. Shamir's attack was a cryptanalytic one.
> 
> The attack was against the way it was used in WEP.  The 
> disclosure of the 
> first three octets of the key is always a bad idea, but WEP does just 
> that.  In the case of RC4, this disclosure is particularly 
> bad.  However, 
> this does not mean that all uses of RC4 will suffer.  For 
> example, TLS does 
> not disclose any portion of the RC4 key, and I am unaware of any 
> cryptanalytic results in this context.
> 
> Russ 
> 

_______________________________________________
Cfrg mailing list
Cfrg at ietf.org
https://www1.ietf.org/mailman/listinfo/cfrg