Penetration Testing mailing list archives

Weaknesses in the Key Scheduling Algorithm of RC4


From: aleph1 () securityfocus com
Date: Fri, 3 Aug 2001 14:25:33 -0600

Weaknesses in the Key Scheduling Algorithm of RC4
Scott Fluhrer, Itsik Mantin, and Adi Shamir

In this paper we present several weaknesses in the key scheduling algorithm 
of RC4, and describe their cryptanalytic significance. We identify a large 
number of weak keys, in which knowledge of a small number of key bits 
suffices to determine many state and output bits with non-negligible 
probability. We use these weak keys to construct new distinguishers for RC4, 
and to mount related key attacks with practical complexities. Finally, we 
show that RC4 is completely insecure in a common mode of operation which is 
used in the widely deployed Wired Equivalent Privacy protocol (WEP, which 
is part of the 802.11 standard), in which a fixed secret key is 
concatenated with known IV modifiers in order to encrypt different 
messages. Our new passive ciphertext-only attack on this mode can recover 
an arbitrarily long key in a negligible amount of time which grows only 
linearly with its size, both for 24 and 128 bit IV modifiers.

http://www.eyetap.org/~rguerra/toronto2001/rc4_ksaproc.pdf

-- 
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
