-----BEGIN PGP SIGNED MESSAGE----- [ To: cypherpunks ## Date: 08/02/96 12:29 pm ## Subject: Paranoid Musings ]

Date: Tue, 30 Jul 1996 11:13:59 -0700 From: frantz@netcom.com (Bill Frantz) Subject: Paranoid Musings

Sometimes paranoia strikes. Since these musings are crypto related, I thought I would share them.

Now expensive specialized cracking equipment can certainly speed up the process, but there may be a better way. If cryptanalysis of RC4 yields techniques which make the process much easier, then it is the ideal cypher to certify for export.

Actually, this makes sense for another reason. Academic cryptanalysis is often about finding any attack on a cipher that's easier than keysearch, even if the requirements for that attack are still completely impractical. (Differential and linear attacks on DES are a good example of this.) However, if you're interested in actually recovering data in your attacks with high probability and low cost, then it makes sense to focus on protocol and implementation weaknesses, and then on attacks like keysearch which can be done with either ciphertext-only or known-plaintext. I would guess that some of NSA's best people work on optimizing keysearches. This especially makes sense because of the widespread use, first of DES, and more recently of exportable 40-bit ciphers like RC2 and RC4.

The paranoid conclusion is that there is a significant weakness in RC4.

The paranoid conclusion is that there is a significant weakness in any cipher you're counting on.

Bill Frantz | Cave ab homine unius lebri | Periwinkle -- Consulting (408)356-8506 | [Beware the man of one | 16345 Englewood Ave. frantz@netcom.com | book] - Anonymous Latin | Los Gatos, CA 95032, USA

--John Kelsey, jmkelsey@delphi.com / kelsey@counterpane.com PGP 2.6 fingerprint = 4FE2 F421 100F BB0A 03D1 FE06 A435 7E36 -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBMgI7X0Hx57Ag8goBAQEsNAQAm6SbOnCkTh2EByH8Oa1GoTItx+JUE2hA mtEDp//VW1qH5Lzem14ARGbcgIHbPQqVHN355p5pSrH7tI+RnPc45RRjmF6Ot96r CjnOz3DWPOXx30pm4NGchKs3MmfMyeDKvL3GofMZee8qNm8IZsnMuLMhQABUIdBM kU/oaYwfZdE= =C9ip -----END PGP SIGNATURE-----