Attention CipherSaber Users!!

jamesd at echeque.com jamesd at echeque.com
Sat Jul 28 13:20:30 PDT 2001


On 27 Jul 2001, at 11:33, Arnold G. Reinhold wrote:
> A draft paper by Scott Fluhrer, Itsik Mantin and Adi Shamir was
> released on July 25, 2001 and announces new attacks on the RC4 cipher
> that is the basis for CipherSaber-1. Some of these attacks
> specifically involve the use of an IV with a secret key, the very
> scheme used in CipherSaber.  Prof. Shamir states in an e-mail
> accompanying the release:

If I understand the paper http://www.eyetap.org/~rguerra/toronto2001/rc4_ksaproc.pdf correctly, CipherSaber and WEP would be fixed if, instead of making the RC4 initialization by concatenating a permanent and unchanging secret key and an ever-changing visible random value, they instead constructed the RC4 key by doing several different SHA hashes of the unchanging secret key and the ever-changing visible random value, concatenated those hashes, and also discarded some substantial number of initial bytes from the RC4 output.

    --digsig
         James A. Donald
     6YeGpsZR+nOTh/cGwvITnSR3TdzclVpR0+pr3YYQdkG
     xXgj5w0VTwI81xCh6amG5KOaB6nNDXD/mS2s7VXR
     4vvEsQrjo5uE2RHZQa/1atZPduIFyneZNWgzOS40c
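The keying change sketched above, worked through as an added Python example (not code from the post or from the CipherSaber project): the CipherSaber-1 RC4 key secret||IV beside a key built from several hashes of (secret, IV) with initial keystream bytes discarded. SHA-256, a one-byte counter per hash, two hash blocks and a drop of 1024 bytes are assumed values; the post specifies none of them.

```python
import hashlib

IV_LEN = 10      # CipherSaber-1 prepends a 10-byte IV to the ciphertext
DROP = 1024      # initial keystream bytes to discard (assumed value)

def rc4_keystream(key: bytes, drop: int = 0):
    """RC4 key scheduling plus output generator, skipping the first `drop` bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # KSA: permute S under the key
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    produced = 0
    while True:                               # PRGA: one keystream byte per step
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        produced += 1
        if produced > drop:
            yield S[(S[i] + S[j]) & 0xFF]

def rc4_xor(key: bytes, data: bytes, drop: int = 0) -> bytes:
    ks = rc4_keystream(key, drop)
    return bytes(b ^ next(ks) for b in data)

def ciphersaber1_key(secret: bytes, iv: bytes) -> bytes:
    # CipherSaber-1 keying as the thread describes it: the RC4 key is the
    # fixed secret followed by the public IV, so part of the key is known.
    return secret + iv

def hashed_key(secret: bytes, iv: bytes, blocks: int = 2) -> bytes:
    # The proposed keying: several distinct hashes of (secret, IV), concatenated.
    # SHA-256 and the one-byte counter used for domain separation are
    # assumptions; the post only says "several different SHA hashes".
    return b"".join(hashlib.sha256(bytes([n]) + secret + iv).digest()
                    for n in range(blocks))

def cs1_encrypt(secret: bytes, plaintext: bytes, iv: bytes) -> bytes:
    return iv + rc4_xor(ciphersaber1_key(secret, iv), plaintext)   # no drop

def hashed_encrypt(secret: bytes, plaintext: bytes, iv: bytes) -> bytes:
    return iv + rc4_xor(hashed_key(secret, iv), plaintext, DROP)

def hashed_decrypt(secret: bytes, blob: bytes) -> bytes:
    iv, ct = blob[:IV_LEN], blob[IV_LEN:]
    return rc4_xor(hashed_key(secret, iv), ct, DROP)
```

The only structural difference between the two encrypt functions is the key derivation and the dropped prefix; the IV still travels in the clear in both.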

---------------------------------------------------------------------
The Cryptography Mailing List