Cryptanalysis of RC4 - Preliminary Results (Repeat)

Bill Stewart stewarts at ix.netcom.com
Fri Sep 29 10:16:59 PDT 1995


At 01:01 PM 9/29/95 S, Andrew Roos <AndrewR at beetle.vironix.co.za> wrote:
>(This is a repeat because I posted the original 36 hours ago and it still   
>hasn't bounced back to me.)
Hmmm - I got it yesterday, so it did go out.

>The attack is based on two particularly interesting three-byte key
>prefixes which have a high probability of producing PRNG sequences
>which start with a known two-byte sequence. The prefixes are:
>1.  Keys starting with "00 00 FD" which have a 14% probability of
>    generating sequences which start "00 00".
>2.  Keys starting with "03 FD FC" which have a 5% probability of
>    generating sequences which start "FF 03".
[much interesting work deleted]

It sounds like any application using RC4 with random session keys
should start by testing session keys and rejecting any that
start with 00 00 or 03 FD; it means doing 2**-15 more random key
generations, and reducing the brute-force space by 2**-15,
but it's a pretty small reduction.
#---
# Bill Stewart, Freelance Information Architect, stewarts at ix.netcom.com
# Phone +1-510-247-0664 Pager/Voicemail 1-408-787-1281
#---
More information about the cypherpunks-legacy mailing list