Bill Stewart <[EMAIL PROTECTED]> writes:
> If you've got room for an IV, you _could_ do something like
> XORing the IV with the key, not the data stream -
> that means that it isn't really using the same algorithm
> for the IV as for the rest of the data stream, but you may not care.

With RC4, it's better simply to append the IV to the key rather than
XORing it.  It sounds like the RC4-based CipherSaber is exactly the
algorithm you want:

CipherSaber prepends a 10-byte IV to the ciphertext, so your
ciphertext is 10 bytes longer than the plaintext, and you have to
generate an expected 2^40 or so ciphertexts with the same key before you get 
a disastrous IV collision.

Nitpick: here I'm using "IV" to mean "any nonce for a randomized
stream cipher".  A purist might restrict the meaning to mean an
initial state for a block cipher chaining mode.

Reply via email to