From: "PETER SCHWEITZER" <pe...@infosecsys.com>
Subject: AES, RC4

Referring to your note of August 1: I haven't found anything about breaking RC4 if used with a newly randomly generated key (unrelated to any others) for every communication session. I would appreciate being enlightened!

If a completely unrelated new key is used, and the key has sufficient entropy, and it isn't used for too long, and the entropy of the key is fairly smoothly distributed, and the first several bytes are discarded, and I'm probably missing a couple of requirements, then RC4 is reasonably secure. On the other hand, using AES-128 in CTR mode, the key requires sufficient entropy. That is the difference; in particular, attempting to make sure the RC4 keys are truly unrelated is continually difficult.

Is your partly negative recommendation for AES' "...for most new protocol purposes" to do with the recent related-key attack, which I would certainly agree is very disquieting, even though, as you say, it has no current negative consequences?

The last few weeks have not been kind to AES-256: a couple of new attacks, the related key on the full structure, and the more recent significant erosion in other areas. Like I said, not enough to force an immediate retirement, AES-256 remains functionally secure, but the argument for usage is getting more difficult; AES-256 seems to be no more secure than AES-128, and is slower. Joe
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com