AES, RC4

2009-08-02 Thread PETER SCHWEITZER
Referring to your note of August 1: I haven't found anything about  
breaking RC4 if used with a newly randomly generated key (unrelated to  
any others) for every communication session. I would appreciate being  
enlightened!


(Of course one should throw away initial parts of the stream. I  
suggested doing this to Ron Rivest & RSA in the early 1980s,
legitimately knowing about the still-secret RC4 cipher-logic from a  
client, to whom I made the same suggestion. But even if one doesn't,  
the result isn't what I would call breaking RC4.) I should say that  
I was appalled when I first learned of people using RC4 with related  
keys; its structure certainly suggested to me that there would be  
vulnerabilities.


Is your partly negative recommendation for AES' ...for most new  
protocol purposes to do with the recent related-key attack? Which I  
would certainly agree is very disquieting, even though, as you say, it  
has no current negative consequences.


I may speculate elsewhere about who knew what & why before the recent
publication.


Thank you!

P.
(Peter Schweitzer)


-
The Cryptography Mailing List
Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com


Misinformation: new crypto product

2008-07-21 Thread PETER SCHWEITZER
A recent press release about a new cryptographic product, Permanent  
Privacy (P.P.), mentioning my name, has led to a slew of  
dramatically mistaken reports. Corrections: I have never had a  
cryptography-related connection to Harvard. I had nothing to do with
the press release.


Concerning my alleged support for the claim that P.P. provides
"...the world's first practical data encryption system that is
absolutely unbreakable.":


Its practical versions are not absolutely unbreakable, as I tried  
hard to convince them. The only claim I ever supported was that if  
the additive stream cipher that is one component of P.P. consists of  
a properly managed 'One-Time-Pad', it (obviously) provides  
unbreakable encryption.


Peter Schweitzer



