In message <v03110708ba6df9a4efb3@[192.168.1.5]>, Bill Frantz writes:
>At 4:29 PM -0800 2/10/03, Steven M. Bellovin wrote:
>>In message <v03110705ba6dec92ddb0@[192.168.1.5]>, Bill Frantz writes:
>>
>>> * Fast key setup (Forget tossing the 256 bytes of key stream.
>>> The designers weren't crypto engineers. Personally, I'd toss the
>>> first 1024.)
>>
>>...
>>
>>There may be a cryptographically sound reason to discard that much, but
>>it's not without cost.
>
>The reason I would discard so much is that when I did some statistics on
>RC4 output, I kept getting distribution lumps out to about 1024. They made
>me worry about what someone who knew what were doing could do.
>
That's a good reason... (At that point, even with older hardware, AES
might be better -- and of course, using a block cipher solves lots of
other problems, too...)
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
