Interesting People mailing list archives
IP: RE: Wired: Wireless Networks in Big Trouble
From: David Farber <dave () farber net>
Date: Sat, 25 Aug 2001 15:07:37 +1000
Sender: perry () snark piermont com
From: "Perry E. Metzger" <perry () wasabisystems com>
To: farber () cis upenn edu
Subject: Re: IP: RE: Wired: Wireless Networks in Big Trouble
Date: 25 Aug 2001 11:47:37 -0400
Lines: 53
X-Mailer: Gnus v5.7/Emacs 20.7

[FYI, Dave, in addition to running the cryptography mailing list, I teach cryptography at Stevens every spring, not that that makes me a cryptographer -- just well informed...]

From: "Young, Mike" <myoung () rsasecurity com>

> Some people have been spreading the rumour that since WEP is not
> secure, RC4 (the underlying symmetric encryption algorithm, is not secure
> either). WEP is a poorly implemented solution using RSA patented and trade
> secret algorithms, key material is sent lightly encrypted and re-used, which is

1) RC4 is not patented. It never was patented by RSA. If Mr. Young wishes to demonstrate where I am wrong here, he should state the patent number (which does not exist.)

2) RC4 cannot possibly be thought of as a trade secret any longer by any stretch of the imagination. It was leaked to the public many years ago and is published at this point in text books. By the way, that which is patented cannot be a trade secret, and vice versa, for obvious reasons. RC4 was originally a trade secret, but that secret is now long gone. At best, the name RC4 itself might be a trademark of RSA, but I suspect at this point lack of rigorous enforcement would make even that unlikely.

3) RC4 itself has very serious security issues explained in the paper on WEP security. In particular, bits of keying material are leaked out in the first 256 bytes of stream output with high probability. RC4 is also subject to related key attacks as a result of this and other properties. RC4 itself is not blameless in this instance. If RC4 had been a bit less brittle, fairly innocent misuse of it such as was done in WEP would not have been nearly as catastrophic. Had other stream ciphers been used in RC4's place, the attack may not have been present.

I would avoid using RC4 in new designs -- it is too easy to make mistakes with and it certainly leaks keying material as numerous papers have explained. At the very least, users of RC4 have to throw away a bunch of the initial key stream to gain some safety.

I have no doubt that Ron Rivest is a brilliant cryptographer and I always enjoy reading information on his latest neat designs. He's certainly a much smarter man than I am. RC6 is, for instance, a really cool looking block cipher and astonishingly simple. RC4 is also a really cool looking stream cipher. However, that doesn't mean that RC4 is safe to use in new designs. It likely is not. The academic papers are simple enough to understand that even I can understand them and see the problems.

--
Perry E. Metzger		perry () wasabisystems com
--
NetBSD Development, Support & CDs. http://www.wasabisystems.com/

For archives see: http://www.interesting-people.org/