On 7/16/13 11:15 AM, Matthew Green wrote:
> http://www.isg.rhul.ac.uk/tls/RC4biases.pdf
Thanks for bringing this pre-print link to my attention!
> In summary, don't use RC4. Don't use it carelessly with IVs. And don't use RC4.
RC4 is available in many libraries and platforms. For the immediate future, it is most easily and likely implemented. We need something yesterday, not next year. So, that's one of the options being explored. All I'm trying to cover is doing it as securely as possible. (As I've some experience with this, you can rest assured that I've a fair understanding of IVs and other mechanics.)
> Consider using Salsa20 instead.
It would be helpful for folks to read the entire thread before making off-the-wall comments. Yes, folks have mentioned Salsa20. It doesn't seem as amenable to PPP packets as I would like. But as I was looking at it, it seemed he'd moved on to ChaCha. I'm behind the times on this.... So, let's talk about what to choose for something fast and "modern" to implement in the next decade.... We cannot recommend a dozen EU possibilities. We need something that's already had some significant analysis. Salsa20 or ChaCha? Discuss.
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
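The following is an added worked example, not code from the thread or from the linked paper. It shows concretely why "don't use RC4" is the summary: a plain RC4 implementation (key scheduling plus keystream generator, checked against the standard "Key"/"Plaintext" test vector), a measurement of the long-known Mantin-Shamir bias (the second keystream byte is 0 with probability about 2/256 instead of 1/256, one of the single-byte biases the paper's statistics cover), and the broadcast-style consequence: if the same plaintext is encrypted under many different keys, a majority vote on the second ciphertext byte recovers the second plaintext byte with no key knowledge at all. The 16-byte random keys, the seeded RNG and the "PPP payload" plaintext are constructed for the demonstration and are assumptions of this example, not anything from the original messages.

```python
import random
from collections import Counter


def rc4_ksa(key: bytes) -> list:
    """RC4 key-scheduling algorithm: build the key-dependent permutation S."""
    S = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S


def rc4_keystream(key: bytes, n: int) -> bytes:
    """First n keystream bytes for key (plain RC4: no IV concatenation, no byte dropping)."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Stream-cipher encryption: XOR the plaintext with the keystream."""
    ks = rc4_keystream(key, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def _random_key(rng: random.Random, length: int = 16) -> bytes:
    # Constructed for the demo: independent random 16-byte keys from a seeded PRNG.
    return bytes(rng.getrandbits(8) for _ in range(length))


def second_byte_zero_rate(num_keys: int = 20000, seed: int = 1) -> float:
    """Fraction of random keys whose second keystream byte is 0.

    A bias-free cipher would give about 1/256 (0.0039); RC4 gives about 2/256
    (0.0078), the Mantin-Shamir second-byte bias.
    """
    rng = random.Random(seed)
    hits = 0
    for _ in range(num_keys):
        if rc4_keystream(_random_key(rng), 2)[1] == 0:
            hits += 1
    return hits / num_keys


def recover_second_byte(plaintext: bytes, num_keys: int = 20000, seed: int = 2) -> int:
    """Broadcast attack on byte 2.

    Encrypt the same plaintext under num_keys different random keys (the keys are
    never looked at again). Because Z[1] == 0 is twice as likely as any other
    value, C[1] == P[1] is the most frequent ciphertext byte, so a majority vote
    over the second ciphertext byte yields the second plaintext byte.
    """
    if len(plaintext) < 2:
        raise ValueError("need at least two plaintext bytes")
    rng = random.Random(seed)
    counts = Counter()
    for _ in range(num_keys):
        # Only the first two bytes matter here, so encrypt just those for speed.
        counts[rc4_encrypt(_random_key(rng), plaintext[:2])[1]] += 1
    return counts.most_common(1)[0][0]


# Constructed sample plaintext standing in for a fixed field at the start of a
# packet; the attacker is assumed to see many encryptions of it under fresh keys.
SAMPLE_PLAINTEXT = b"PPP payload: session token 0xA1"


if __name__ == "__main__":
    print("keystream for b'Key':", rc4_keystream(b"Key", 10).hex())
    print("P(Z2 == 0) over random keys:", second_byte_zero_rate())
    guess = recover_second_byte(SAMPLE_PLAINTEXT)
    print("recovered byte 2: %r (actual %r)" % (bytes([guess]), SAMPLE_PLAINTEXT[1:2]))
```

The test vector check pins the implementation to real RC4, so the measured bias is a property of the cipher and not of a transcription error. Note that the recovery needs nothing but ciphertexts: this is the setting in which "don't use RC4" applies even when keys are fresh and IVs are handled correctly.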