Assuming for the moment that alleged-RC4 came from the keyboard of Ron Rivest, my question is whether to look at this as an amateur cipher from a famous cryptologist -- or as a carefully designed cipher from a professional. If it's the latter, we should probably look for some underlying strengths the way the community picked apart S-box design rules years ago. - Carl
Carl Ellison says:
Assuming for the moment that alleged-RC4 came from the keyboard of Ron Rivest,
Well, from his mind -- it's probably a reverse engineering job. It looks like it may be interoperable, which would imply that it's real...
my question is whether to look at this as an amateur cipher from a famous cryptologist -- or as a carefully designed cipher from a professional.
Hard to tell. It's remarkably simple -- the simplest cypher I've seen in some time. It obviously needs to be studied in detail. The possible excitement comes from its speed... .pm
On Sep 15, 3:06pm, Perry E. Metzger wrote:
Assuming for the moment that alleged-RC4 came from the keyboard of Ron Rivest,
Well, from his mind -- it's probably a reverse engineering job. It looks like it may be interoperable, which would imply that it's real...
If it is, then the person who did it has gone to a lot of trouble to make the source layout and coding style very similar to the publicly available MD[245] sources. Compare them and you'll see what I mean. One of the original reasons I thought that this was a fake was the similarity (adds credibility), but when it was verified I began to think that this is, in fact, the real source from RSADSI. I don't think that this is a reverse engineering job, because I can't see any motive for anyone to put the work into making the code look so similar.
Hard to tell. It's remarkably simple -- the simplest cypher I've seen in some time. It obviously needs to be studied in detail. The possible excitement comes from its speed...
I think that we must bear in mind that most of us are familiar with block ciphers, and that there aren't a lot of stream ciphers out there which are widely used right now. The only others I know of are the various LFSR's (which are pretty simple themselves), and that alleged early prototype A5 (which was itself a group of LFSR's too). Ian.
"Ian Farquhar" says:
If it is, then the person who did it has gone to a lot of trouble to make the source layout and coding style very similar to the publicly available MD[245] sources. Compare them and you'll see what I mean. One of the original reasons I thought that this was a fake was the similarity (adds credibility), but when it was verified I began to think that this is, in fact, the real source from RSADSI. I don't think that this is a reverse engineering job, because I can't see any motive for anyone to put the work into making the code look so similar.
One possibility is that the author may have simply decompiled the original code... Perry
"Ian Farquhar" says:
If it is, then the person who did it has gone to a lot of trouble to make the source layout and coding style very similar to the publicly available MD[245] sources.
Many people use this style. Suspicious, but no fingerprint. Perry E. Metzger writes
One possibility is that the author may have simply decompiled the original code...
Decompilation would not preserve the original style. Is "decompilation" actually the word you had in mind?
--
James A. Donald, jamesd@netcom.com
We have the right to defend ourselves and our property, because of the kind of animals that we are. True law derives from this right, not from the arbitrary power of the omnipotent state.
James A. Donald says:
Perry E. Metzger writes
One possibility is that the author may have simply decompiled the original code...
Decompilation would not preserve the original style.
Of course it would. If a symbol table was present, you'd even end up with the same variable names.
Is "decompilation" actually the word you had in mind?
Yes. .pm
On Sep 16, 7:54am, James A. Donald wrote:
If it is, then the person who did it has gone to a lot of trouble to make the source layout and coding style very similar to the publicly available MD[245] sources.
Many people use this style.
That same general style, yes, but not to the extent this code is similar. Indeed, I would hazard a guess and say that the RC4 code and the RFC MD[245] code were both written by the same author, based on their layout, variable name choice and general coding style. Do a side-by-side comparison and you will see what I mean. Ian.
One possibility is that the author may have simply decompiled the original code...
This might explain the char % 255's in the code. Normally such a construct is dangerous if the machine/compiler you use uses 2 byte "chars" and there's the slightest possibility of having your "char" hold more than 255. I would normally use char & 255, however it may surprise some of us that some machines can do a MOD faster than an AND and the compiler used might have exploited that feature. However, reconstructing C code out of binaries is a pain and I doubt that you'd see a header file as well as a main .c file... Anyone have experience with decompilers?
rarachel@prism.poly.edu (Arsen Ray Arachelian) writes:
One possibility is that the author may have simply decompiled the original code...
This might explain the char % 255's in the code. Normally such a ... may surprise some of us that some machines can do a MOD faster than an AND and the compiler used might have exploited that feature.
It wouldn't explain the construct Hal pointed out, though:
xorIndex = state[x] + (state[y]) % 256;
Here it's either a bug or a no-op, so a decompiler wouldn't have produced it. Jim Gillogly 26 Halimath S.R. 1994, 16:43
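Added example, not part of the thread or of the posted source: the "bug or no-op" reading of the quoted line, checked over every pair of byte values and then inside an RC4 keystream generator. The function names, the byte-typed `xorIndex` and the use of the widely published keystream for the key "Key" are assumptions of this sketch.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Count (state[x], state[y]) byte pairs where the quoted expression,
   stored in an int (byte_typed = 0) or an unsigned char (byte_typed = 1),
   differs from (state[x] + state[y]) % 256. */
int count_wrong_index(int byte_typed) {
    int n = 0;
    for (int a = 0; a < 256; a++)
        for (int b = 0; b < 256; b++) {
            int v = a + (b) % 256;          /* as quoted: only b is reduced */
            if (byte_typed) v = (uint8_t)v; /* truncation does the real mod */
            if (v != (a + b) % 256) n++;
        }
    return n;
}

/* RC4 keystream using the quoted expression with a byte-typed xorIndex
   (the byte type is an assumption about the surrounding declarations). */
void rc4_keystream(const uint8_t *key, size_t klen, uint8_t *out, size_t n) {
    uint8_t state[256], x = 0, y = 0, j = 0, t, xorIndex;
    for (size_t i = 0; i < 256; i++) state[i] = (uint8_t)i;
    for (size_t i = 0; i < 256; i++) {            /* key schedule */
        j = (uint8_t)(j + state[i] + key[i % klen]);
        t = state[i]; state[i] = state[j]; state[j] = t;
    }
    for (size_t i = 0; i < n; i++) {              /* output generation */
        x = (uint8_t)(x + 1);
        y = (uint8_t)(y + state[x]);
        t = state[x]; state[x] = state[y]; state[y] = t;
        xorIndex = (uint8_t)(state[x] + (state[y]) % 256);
        out[i] = state[xorIndex];
    }
}

/* 1 if the keystream for key "Key" starts EB 9F 77 81 (published vector). */
int vector_ok(void) {
    static const uint8_t want[4] = {0xEB, 0x9F, 0x77, 0x81};
    uint8_t got[4];
    rc4_keystream((const uint8_t *)"Key", 3, got, 4);
    return memcmp(got, want, 4) == 0;
}

int main(void) {
    printf("wrong index, int: %d pairs; byte: %d pairs; vector ok: %d\n",
           count_wrong_index(0), count_wrong_index(1), vector_ok());
    return 0;
}
```

With a byte-wide destination the `% 256` changes nothing and the cipher still interoperates; with a wider destination, nearly half of all pairs would index past the 256-entry table.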