Referring to your note of August 1: I haven't found anything about breaking RC4 if used with a newly randomly generated key (unrelated to any others) for every communication session. I would appreciate being enlightened!

(Of course one should throw away initial parts of the stream. I suggested doing this to Ron Rivest & RSA in the early 1980s, legitimately knowing about the still-secret RC4 cipher-logic from a client, to whom I made the same suggestion. But even if one doesn't, the result isn't what I would call "breaking" RC4.) I should say that I was appalled when I first learned of people using RC4 with related keys; its structure certainly suggested to me that there would be vulnerabilities.

Is your partly negative recommendation for AES' "...for most new protocol purposes" to do with the recent related-key attack? Which I would certainly agree is very disquieting, even though, as you say, it has no current negative consequences.

I may speculate elsewhere about who knew what & why before the recent publication.

Thank you!

(Peter Schweitzer)

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to

Reply via email to