-----BEGIN PGP SIGNED MESSAGE----- On Sat, 29 Jun 1996, Steve Reid wrote:

A few questions about RC4...

I understand that RC4 is like a one-time-pad, in that a key can not be used more than once. What about adding a different salt to the key for each encryption? Would that be sufficent, even if the salt (but not the rest of the key) were known to an attacker?

Probably.

Is there any way to identify and weed out weak keys?

Keys starting with the sequence "00 00 FD", and "03 FD FC" are weak.

Does anyone have any sample data I can use to test an RC4 implementation? A key and the first few bytes of the stream should be sufficent.

There are a few test vectors included in the original alleged-RC4 file available on the usual crypto FTP sites. - -- Mark =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= markm@voicenet.com | finger -l for PGP key 0xe3bf2169 http://www.voicenet.com/~markm/ | d61734f2800486ae6f79bfeb70f95348 "Freedom is the freedom to say that two plus two make four. If that is granted, all else follows." --George Orwell, _1984_ -----BEGIN PGP SIGNATURE----- Version: 2.6.3 Charset: noconv iQCVAwUBMdbm/LZc+sv5siulAQHksQP9GkdqWiJ7s2ST4QF9ZwcFtFxzTk/PJskh ReNuvXEmWFChkP0AVHJq8USFJDL4CuN4GI7d3sQpn+2HjFw+bcklCuH9zJrret2Y mD7boKcYhzvi/abaKY9FF9/BNtC33yahrjhEIxYFx6QNTLGM9KCjBZIG7/sOAQvq aMSYbfVhvz8= =cgR3 -----END PGP SIGNATURE-----