Re: Columbia crypto box

2003-02-10 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Pete Chown writes: Bill Stewart wrote: These days nobody *has* a better cryptosystem than you do They might have a cheaper one or a faster one, but for ten years the public's been able to get free planet-sized-computer-proof crypto ... I seem to remember that the

Re: Columbia crypto box

2003-02-10 Thread Donald Eastlake 3rd
While I'm not claiming RC4 is strong, the main problem is that WEP misuses it. As I understand it, the recommendation for a long time has been that you either throw away the first 256 bytes of stream key output or use a different key on every message. WEP does neither. TKIP, the new security

Re: Columbia crypto box

2003-02-10 Thread Eric Rescorla
Pete Chown [EMAIL PROTECTED] writes: Bill Stewart wrote: These days nobody *has* a better cryptosystem than you do They might have a cheaper one or a faster one, but for ten years the public's been able to get free planet-sized-computer-proof crypto ... I seem to remember that the

Re: Columbia crypto box

2003-02-10 Thread Adam Fields
On Sun, Feb 09, 2003 at 11:34:01PM -0500, Steven M. Bellovin wrote: First, there was no key management. This means that loss of a single unit -- a stolen laptop or a disgruntled (ex-)employee would do -- compromises the entire network, since it's impossible to rekey everything at once in

Re: Columbia crypto box

2003-02-10 Thread Matthew Byng-Maddick
On Sun, Feb 09, 2003 at 11:43:55PM -0500, Donald Eastlake 3rd wrote: been that you either throw away the first 256 bytes of stream key output or use a different key on every message. WEP does neither. TKIP, the new You NEVER, EVER, re-use the key for a stream cipher, if you do, you might as

PET2003 (Mar 26-28) accepted papers

2003-02-10 Thread Roger Dingledine
The following papers have been accepted for presentation and publication at the 3rd Privacy Enhancing Technologies workshop, in Dresden Mar 26-28 this year. In addition, there will be several invited talks and/or panels. Please forward this mail to other relevant lists. See

RE: Columbia crypto box

2003-02-10 Thread Trei, Peter
Matthew Byng-Maddick[SMTP:[EMAIL PROTECTED]] writes: On Sun, Feb 09, 2003 at 11:43:55PM -0500, Donald Eastlake 3rd wrote: been that you either throw away the first 256 bytes of stream key output or use a different key on every message. WEP does neither. TKIP, the new You NEVER,

Wireless network key management

2003-02-10 Thread Perry E. Metzger
(The topic has drifted to the management of keys in a wireless network. Adam responds to Steve's notes about WEP...) Adam Fields [EMAIL PROTECTED] writes: Practically, what's the right way to do this? You could do it with a centralized server key that has the ability to broadcast a new shared

Re: Columbia crypto box

2003-02-10 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], bear writes: It's one of those things, like re-using a pad. Actually, it is re-using a pad, exactly. It's just a pseudorandom pad (stream cipher) instead of a one-time pad. And while WEP had problems, it didn't have that particular problem. New messages with the

Re: Columbia crypto box

2003-02-10 Thread David Wagner
Trei, Peter wrote: The weird thing about WEP was its choice of cipher. It used RC4, a stream cipher, and re-keyed for every block. . RC4 is not really intended for this application. Today we'd have used a block cipher with varying IVs if necessary I suspect that RC4 was chosen for other reasons

Re: Columbia crypto box

2003-02-10 Thread Steven M. Bellovin
In message b295ds$l66$[EMAIL PROTECTED], David Wagner writes: Trei, Peter wrote: The weird thing about WEP was its choice of cipher. It used RC4, a stream cipher, and re-keyed for every block. . RC4 is not really intended for this application. Today we'd have used a block cipher with varying IVs

Re: Columbia crypto box

2003-02-10 Thread Bill Frantz
At 1:26 PM -0800 2/10/03, David Wagner wrote: It's hard to believe that RC4 was chosen for technical reasons. The huge cost of key setup per packet (equivalent to generating 256 bytes of keystream and then throwing it away) should dominate the other potential advantages of RC4. The technical

Re: Columbia crypto box

2003-02-10 Thread Bill Frantz
At 4:29 PM -0800 2/10/03, Steven M. Bellovin wrote: In message v03110705ba6dec92ddb0@[192.168.1.5], Bill Frantz writes: * Fast key setup (Forget tossing the 256 bytes of key stream. The designers weren't crypto engineers. Personally, I'd toss the first 1024.) ... There may be a

Re: Columbia crypto box

2003-02-10 Thread Steven M. Bellovin
In message v03110708ba6df9a4efb3@[192.168.1.5], Bill Frantz writes: At 4:29 PM -0800 2/10/03, Steven M. Bellovin wrote: In message v03110705ba6dec92ddb0@[192.168.1.5], Bill Frantz writes: * Fast key setup (Forget tossing the 256 bytes of key stream. The designers weren't crypto engineers.

Re: Columbia crypto box

2003-02-10 Thread Don Davis
Bill Frantz writes: * Fast key setup (Forget tossing the 256 bytes of key stream. The designers weren't crypto engineers. Personally, I'd toss the first 1024.) Steven M. Bellovin wrote: There may be a cryptographically sound reason to discard that much, but it's not without cost.

Re: Columbia crypto box

2003-02-10 Thread Greg Rose
At 06:12 PM 2/10/2003 -0500, Steven M. Bellovin wrote: In any case, WEP would clearly look very different if it had been designed by cryptographers, and it almost certainly wouldn't use RC4. Look at CCMP, for instance: it is 802.11i's chosen successor to, and re-design of, WEP. CCMP uses AES,

Re: Columbia crypto box

2003-02-10 Thread Steven M. Bellovin
In message [EMAIL PROTECTED], Paul A.S. Ward writes: Is it really fair to blame WEP for not using AES when AES wasn't around when WEP was being created? Of course they couldn't have used AES. But there are other block ciphers they could have used. They could have used key management. They