[12490] in cryptography@c2.net mail archive
Re: Columbia crypto box
daemon@ATHENA.MIT.EDU (Eric Rescorla)
Mon Feb 10 10:48:49 2003
X-Original-To: cryptography@wasabisystems.com
To: Pete Chown <Pete.Chown@skygate.co.uk>
Cc: cryptography@wasabisystems.com
Reply-To: EKR <ekr@rtfm.com>
From: Eric Rescorla <ekr@rtfm.com>
Date: 10 Feb 2003 06:28:56 -0800
In-Reply-To: <3E465CCB.5080107@skygate.co.uk>
Pete Chown <Pete.Chown@skygate.co.uk> writes:
> Bill Stewart wrote:
>
> > These days nobody *has* a better cryptosystem than you do. They might
> > have a cheaper one or a faster one, but for ten years the public's
> > been able to get free planet-sized-computer-proof crypto ...
>
> I seem to remember that the Nazis said the same thing about Enigma.
> Even when evidence began to filter back that it had been broken, they
> ignored it because they were so confident that a break was impossible.
>
> It's true that protocol and programming problems account for the huge
> majority of security holes. The WEP break, though, was one notable
> exception. They were using an established cryptosystem (RC4) with a
> planet sized key (128 bits). However, a weakness in RC4 itself let them
> down.
This isn't 100% true.
There were known (less practical but still better than just theoretical)
attacks on RC4 as used in WEP even before the RC4 weak key work.
WEP was a bad design through and through.
-Ekr
--
[Eric Rescorla ekr@rtfm.com]
http://www.rtfm.com/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com