On Mon, Feb 22, 2010 at 02:40:49PM -0500, Mikulas Patocka wrote: > > > So what we could do is simply add a new blkcipher arc4, alongside > > the existing cipher arc4. Then we can convert the existing users > > across, and finally remove the old arc4. > > arc4 can't be used as a block cipher --- see this paper > http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps , it says > that initialization vectors on RC4 are unreliable, if you use (unknown key > concatenated with known IV) or (known IV concatenated with unknown key) as > a RC4 key, the RC4 state can be exposed and the cipher is broken.
What we call a blkcipher is not really a block cipher. In fact, what we call "cipher" is really a block cipher. So we're actually changing arc4 so that it doesn't get used as a block cipher, i.e., you will no longer be able to say "cbc(arc4)" or some such. I know it's confusing and perhaps one day we will rename blkcipher to skcipher and cipher to blkcipher. Cheers, -- Visit Openswan at http://www.openswan.org/ Email: Herbert Xu ~{PmV>HI~} <herb...@gondor.apana.org.au> Home Page: http://gondor.apana.org.au/~herbert/ PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt -- To unsubscribe from this list: send the line "unsubscribe linux-crypto" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
