thoughts on RC4
Mike Johnson second login
exabyte!gedora!mikej2 at uunet.uu.net
Thu Sep 15 15:41:47 PDT 1994
On Thu, 15 Sep 1994, Bill Sommerfeld wrote:
> > I wonder if the NSA would approve it? I think it was Bill Sommerfeld
> > who pointed out that it was a little curious that NSA approves RC4 with a
> > 40 bit key when hardware-assisted search like the DES key cracker would
> > appear to be impractical.
>
> Actually, I'm not sure that it's that impractical, but I don't know a
> heck of a lot about VLSI or hardware design. A fully pipelined chip
> would require significantly more chip area than the DES cracker,
> but you probably don't need that. I'm pretty sure you could make a
> blazingly fast, non-pipelined, chip with a "key setup" unit and then a
> "trial encrypt" unit which run in parallel; you clock the key setup
> unit 256 times to set up the key, then the key gets fed to the trial
> encrypt unit where it gets tried against the known
> plaintext/ciphertext pair.
>...
Don't forget the precomputation attack. The key setup only has to be done
2^40 times, ever. The initial state of the stream cipher can be stored on
a set of tapes that are read in parallel to perform the brute force
attack.
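
The split between key setup and trial encryption discussed in this message, as an added example that is not part of the original post: standard RC4 run over a toy keyspace, with the initial states stored once and reused for two separate known-plaintext searches. Assumptions: `TOY_BITS = 12` stands in for the 40 bits in the post, and the helper names and sample messages are constructed.

```python
# Added illustration: toy keyspace and sample messages are constructed.
TOY_BITS = 12   # assumption: 2^12 keys stand in for the post's 2^40
_calls = 0      # number of key setups performed so far

def ksa(key: bytes) -> bytes:
    """RC4 key setup: 256 steps that depend only on the key."""
    global _calls
    _calls += 1
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return bytes(s)

def keystream(state: bytes, n: int) -> bytes:
    """RC4 output generation from a stored initial state (state is copied)."""
    s, i, j, out = list(state), 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def encrypt(key: bytes, data: bytes) -> bytes:
    return bytes(d ^ k for d, k in zip(data, keystream(ksa(key), len(data))))

def toy_key(n: int) -> bytes:
    """40-bit key with only the low TOY_BITS varying (toy reduction)."""
    return n.to_bytes(5, "big")

def precompute() -> list:
    """Run key setup once per key and keep every initial state (the 'tapes')."""
    return [ksa(toy_key(n)) for n in range(1 << TOY_BITS)]

def search(table: list, plain: bytes, cipher: bytes):
    """Match known plaintext/ciphertext against stored states; no key setup here."""
    want = bytes(p ^ c for p, c in zip(plain, cipher))
    for n, state in enumerate(table):
        if keystream(state, len(want)) == want:
            return n
    return None

def ksa_calls() -> int:
    return _calls

if __name__ == "__main__":
    c = encrypt(toy_key(0x5A3), b"constructed msg")
    print(hex(search(precompute(), b"constructed msg", c)))
```

Each stored state is 256 bytes, so the storage cost grows linearly with the keyspace while the key-setup work is never repeated for later messages.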