On Sep 15, 1:05pm, Bill Sommerfeld wrote:
Actually, I'm not sure that it's that impractical, but I don't know a heck of a lot about VLSI or hardware design. A fully pipelined chip would require significantly more more chip area than the DES cracker, but you probably don't need that.
One of the issues I looked at over the weekend was the parallelization of the key scheduler, which is definitely a non-trivial problem. One thought that did occur to me was that there might be a massively parallel solution to this which has a practical implementation up to 48 bits, but not over this. I'll post more about this when I get some time, but I've got to disagree with Bill here that a simple RC4 implementation (without a parallel key schedule setup) would take more die area than a DES cracker. Ultimately, it is a VERY simple cipher, and the VLSI implementation would reflect this. Even so, the release of the algorithm confirms the RSADSI position that an exhaustive keysearch would be a slow operation, given the setup time required for the key schedule setup. BTW, just an idle question: why is RC4 a stream cipher, as opposed to an 8-bit block cipher? Based on the implementation, it would seem to be the later to me. Ian.