[12494] in cryptography@c2.net mail archive


RE: Columbia crypto box

daemon@ATHENA.MIT.EDU (Trei, Peter)
Mon Feb 10 15:08:33 2003

X-Original-To: cryptography@wasabisystems.com
From: "Trei, Peter" <ptrei@rsasecurity.com>
To: 
Cc: "'cryptography@wasabisystems.com'" <cryptography@wasabisystems.com>
Date: Mon, 10 Feb 2003 14:40:05 -0500

> Matthew Byng-Maddick[SMTP:cryptography@lists.colondot.net] writes:
> 
> 
> On Sun, Feb 09, 2003 at 11:43:55PM -0500, Donald Eastlake 3rd wrote:
> > been that you either throw away the first 256 bytes of stream key output
> > or use a different key on every message. WEP does neither. TKIP, the new
> 
> You NEVER, EVER, re-use the key for a stream cipher; if you do, you might
> as well just give up. By re-using the key, I can get
> plaintext (combinator) plaintext, which is easier to solve than
> plaintext (combinator) cipherstream.
> 
> It's one of those things, like re-using a pad.
> 
> MBM
> 
The weird thing about WEP was its choice of cipher. It used RC4, a
stream cipher, and re-keyed for every block. RC4 is
not really intended for this application. Today we'd
have used a block cipher with varying IVs if necessary.

I suspect that RC4 was chosen for other reasons - ease of
export, smallness of code, or something like that. It runs fast,
but rekeying every block loses most of that advantage.

Just my personal musings....

Peter Trei




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
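
Added example, not part of the original message or thread: a small RC4 implementation showing the "plaintext (combinator) plaintext" effect the quoted reply describes, with XOR as the combinator. The key, messages and function names are constructed for illustration; the `drop` parameter models discarding the first bytes of keystream, which leaves the cancellation under key reuse unchanged.

```python
# Added illustration; key, messages and function names are constructed for this example.

def rc4_keystream(key: bytes, n: int, drop: int = 0) -> bytes:
    """Return n bytes of RC4 keystream, discarding the first `drop` bytes."""
    S = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling (KSA)
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for _ in range(drop + n):                 # output generation (PRGA)
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out[drop:])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, msg: bytes, drop: int = 0) -> bytes:
    return xor(msg, rc4_keystream(key, len(msg), drop))

def keystream_cancels(c1: bytes, c2: bytes, p1: bytes, p2: bytes) -> bool:
    """True when c1 XOR c2 equals p1 XOR p2, i.e. the keystream dropped out."""
    return xor(c1, c2) == xor(p1, p2)

P1 = b"constructed message one"
P2 = b"constructed message two"
KEY = b"constructed-key"

def reused_key_case(drop: int = 0) -> bool:
    # Same key for both messages: identical keystream, so it cancels.
    return keystream_cancels(encrypt(KEY, P1, drop), encrypt(KEY, P2, drop), P1, P2)

def per_message_key_case() -> bool:
    # A different key per message (a constructed 3-byte prefix that differs).
    c1 = encrypt(b"\x00\x00\x01" + KEY, P1)
    c2 = encrypt(b"\x00\x00\x02" + KEY, P2)
    return keystream_cancels(c1, c2, P1, P2)

if __name__ == "__main__":
    print("same key, no drop:     ", reused_key_case())
    print("same key, drop 256:    ", reused_key_case(256))
    print("different key per msg: ", per_message_key_case())
```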
