More 40-bit RC4 nonsense

Raph Levien raph at netcom.com
Tue Dec 13 11:32:16 PST 1994


Sticking my foot in my mouth, I wrote:

>    If I recall correctly, the first byte out of the RC4 stream has
> about a 40% chance of being the first byte of the key. Thus, if the

Wrong. It _is_ true that the first byte of the key has a 40%
probability of being the first byte of the initial state vector. It is
_not_ true that the first byte of the initial state vector is the
first byte out of the RC4 stream. Next time I will check the (alleged)
source code before making a fool of myself.

Thus, my attack shortcut will not work.

Kipp Hickman informs me that the salt is concatenated with the secret
part in such a way that the secret portion is least significant. This
seems wise because of the key/statevector characteristic, but wouldn't
make too much difference either way in practice.

Sorry for the confusion.

Raph
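The distinction drawn in the message above can be checked empirically. The following is an added example, not code from the original post or from any RC4 implementation it refers to: it runs the publicly described (alleged) RC4 key schedule over constructed random 16-byte keys and measures how often the first key byte ends up as the first byte of the initial state vector, versus how often it appears as the first keystream byte. The function names, key length and trial count are assumptions chosen for illustration.

```python
import random

def rc4_ksa(key):
    """Key-scheduling algorithm of (alleged) RC4: returns the initial state vector."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s

def rc4_first_output(state):
    """First keystream byte generated from a state vector (operates on a copy)."""
    s = list(state)
    i = 1                      # i and j start at 0; the first round increments i
    j = s[i]                   # j = (0 + S[1]) mod 256
    s[i], s[j] = s[j], s[i]
    return s[(s[i] + s[j]) & 0xFF]

def measure(trials=4000, key_len=16, seed=1994):
    """Return (P[S[0] == K[0]], P[first output byte == K[0]]) over random keys.

    Keys are constructed with a seeded PRNG so the run is reproducible.
    """
    rng = random.Random(seed)
    state_hits = 0
    output_hits = 0
    for _ in range(trials):
        key = [rng.randrange(256) for _ in range(key_len)]
        s = rc4_ksa(key)
        if s[0] == key[0]:
            state_hits += 1
        if rc4_first_output(s) == key[0]:
            output_hits += 1
    return state_hits / trials, output_hits / trials

if __name__ == "__main__":
    p_state, p_out = measure()
    print(f"P[S[0] == K[0]]            = {p_state:.3f}")
    print(f"P[first output == K[0]]    = {p_out:.3f}")
    print(f"uniform baseline (1/256)   = {1 / 256:.3f}")
```

If later values of j are treated as uniformly random, S[0] keeps the value K[0] with probability (255/256)^255, about 0.37, while the first keystream byte matches K[0] at roughly the 1/256 baseline.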






