Re: Is AES better than RC4

2006-05-24 Thread Joseph Ashwood


RC4 should have been retired a decade ago; that it has not is due solely to 
the undereducated going with whatever's fastest. It's time we allowed RC4 
to stay dead.
   Joe 



-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to [EMAIL PROTECTED]


Re: Secure phones from VectroTel?

2006-05-24 Thread mis
another contender (or could-be contender):

http://www.cryptophone.de/products/CPG10/index.html

(open source and built by people like rop gonggrijp and barry wels)

On Tue, May 23, 2006 at 01:45:15PM -0400, John Ioannidis wrote:
> On Tue, May 23, 2006 at 11:19:38AM -0400, Perry E. Metzger wrote:
> >
> > Following the links from a /. story about a secure(?) mobile phone
> > VectroTel in Switzerland is selling, I came across the fact that this
> > firm sells a full line of encrypted phones.
> >
> > http://www.vectrotel.ch/
> >
>
> Too little, too late.  What are they doing, running a V.32bis modem
> over the GSM analog channel? That would account for the worse voice
> quality and the delays in the spec.
>
> A friend showed me yesterday his EVDO-enabled, WinCE handheld, which
> he was using to make phone calls over Skype (not that Skype is secure,
> but that's another story).
>
> /ji


Re: Is AES better than RC4

2006-05-24 Thread Max

On 5/23/06, James A. Donald [EMAIL PROTECTED] wrote:


AES is new, and people keep claiming progress towards
breaking it, without however, so far producing any
breaks.

RC4 is old and has numerous known weaknesses, which are
tricky to code around, and have caught many an
implementor - notice for example Wifi.  But these are
known weaknesses, and no new ones have turned up for
some time, nor does it seem likely that they will.


I'm confused.
AES is a _block_ cipher while RC4 is a _stream_ cipher. How are you
going to compare them?

It makes much more sense to compare AES to the RC6 block cipher (if you
like something from the RC-family of ciphers) but that was already
done by the AES standard committee. RC6 became one of the five
finalists but then lost the race to Rijndael. Look at the details of
the AES selection process if interested.

Max



Re: Is AES better than RC4

2006-05-24 Thread James A. Donald

--
James A. Donald
> AES is new, and people keep claiming progress towards
> breaking it, without however, so far producing any
> breaks.

> RC4 is old and has numerous known weaknesses, which
> are tricky to code around, and have caught many an
> implementor - notice for example Wifi.  But these are
> known weaknesses, and no new ones have turned up for
> some time, nor does it seem likely that they will.

Max wrote:
> I'm confused. AES is a _block_ cipher while RC4 is a
> _stream_ cipher. How are you going to compare them?

The question is, what is likely to be secure (assuming
no errors in the code or protocol, assuming the protocol
accommodates the known weaknesses of RC4).

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 r+jgJN/UZnI2Ndd0y5iy/yo4PpzCqxx4/Ouqmr0y
 42RAM+28IfhN9Xrs5LS5o3jt9p73L5MSyLOzwwWT4



Re: Is AES better than RC4

2006-05-24 Thread James A. Donald

--
Joseph Ashwood wrote:
> RC4 should have been retired a decade ago,

Why?

--digsig
 James A. Donald
 6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
 pvLUSroPw35whI+/0Tq1IYPZh/GDEidGMu+4KvZc
 4zyBqLBt4fFho62NSUZuECGjiLrFpqppx7lXuvebv




Re: [!! SPAM] Re: Is AES better than RC4

2006-05-24 Thread Joseph Ashwood
- Original Message - 
From: James A. Donald [EMAIL PROTECTED]

Subject: [!! SPAM] Re: Is AES better than RC4



--
Joseph Ashwood wrote:
> RC4 should have been retired a decade ago,

Why?


It is in general distinguishable from random, actually quite quickly.
The first few bytes are so biased that any security is imaginary.
Using it securely requires so much in the way of heroic efforts that the 
overall system slows down into the same speed class as a much simpler, more 
secure design based on AES (or 3DES, or a dozen other ciphers).
The key anti-agility slows it down to the point of being functionally 
unusable for any system that requires rekeying.
Its only redeeming factors are that the cipher itself is simple to write, 
and once keyed it is fast. Neither of these is of any substantial use after 
considering the previous major issues.
   Joe 


