In message <v03110708ba6df9a4efb3@[192.168.1.5]>, Bill Frantz writes: >At 4:29 PM -0800 2/10/03, Steven M. Bellovin wrote: >>In message <v03110705ba6dec92ddb0@[192.168.1.5]>, Bill Frantz writes: >> >>> * Fast key setup (Forget tossing the 256 bytes of key stream. >>> The designers weren't crypto engineers. Personally, I'd toss the >>> first 1024.) >> >>... >> >>There may be a cryptographically sound reason to discard that much, but >>it's not without cost. > >The reason I would discard so much is that when I did some statistics on >RC4 output, I kept getting distribution lumps out to about 1024. They made >me worry about what someone who knew what were doing could do. >
That's a good reason... (At that point, even with older hardware, AES might be better -- and of course, using a block cipher solves lots of other problems, too...) --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]