On Wed, 8 Mar 2017 12:25:27 +0000 Aaron Zauner <[email protected]> wrote:
> Yeah, it's not really up to date. I guess purging the first 1024
> bytes in the bitstream of RC4 would make bias attacks far harder as
> the biases are at the beginning of the stream. In general this seems
> to be stupid advice, though.

It was actually common advice for "safe" RC4 usage for quite a while to throw away the first bytes. TLS also does that. I don't recall the exact order of events and which paper established what, but over time the number of bytes that had to be thrown away grew larger and larger and at some point it was shown that RC4 has smaller biases all over the keystream and there's no amount of bytes to throw away that makes it safe in all situations.

-- 
Hanno Böck
https://hboeck.de/
mail/jabber: [email protected]
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
_______________________________________________
Ach mailing list
[email protected]
http://lists.cert.at/cgi-bin/mailman/listinfo/ach
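As an added illustration (not part of the thread, and not code by either poster) of the early-keystream bias the reply discusses: a plain RC4 implementation plus a sampler that measures how often the second keystream byte is 0x00 under random keys. An unbiased byte would hit 0x00 with probability 1/256; RC4's second byte does so at roughly 2/256 (the Mantin-Shamir bias), and the `drop` parameter shows that discarding a prefix hides this particular bias, which is exactly why the "throw away the first bytes" advice existed. The 16-byte key length, trial count and seed are arbitrary choices; only the standard library is used.

```python
"""Measure RC4's second-byte bias empirically (constructed example)."""
import random


def rc4_keystream(key: bytes, n: int, drop: int = 0) -> bytes:
    """Return n keystream bytes for `key`, after discarding the first
    `drop` bytes. Standard RC4: key scheduling (KSA) then output (PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # KSA: key-dependent shuffle
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for k in range(drop + n):                 # PRGA: one byte per step
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        if k >= drop:                         # skip the discarded prefix
            out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def zero_rate_at(position: int, trials: int, seed: int = 1) -> float:
    """Fraction of random 16-byte keys whose keystream byte at `position`
    (1-based) is 0x00. For an unbiased byte this tends to 1/256; for
    RC4's position 2 it tends to about 2/256. A fixed seed makes the
    sample reproducible (the seed value itself is an arbitrary choice)."""
    rng = random.Random(seed)
    zeros = 0
    for _ in range(trials):
        key = rng.getrandbits(128).to_bytes(16, "big")
        if rc4_keystream(key, 1, drop=position - 1)[0] == 0:
            zeros += 1
    return zeros / trials


if __name__ == "__main__":
    rate = zero_rate_at(2, 20000)
    print(f"P[Z_2 = 0] ~ {rate:.5f}  (unbiased {1/256:.5f}, "
          f"Mantin-Shamir {2/256:.5f})")
```

Sampling a position past a 1024-byte drop with the same function brings the rate back to about 1/256, but the much smaller biases later in the keystream that the reply refers to need far more samples than a quick run like this to show up.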
