[12500] in cryptography@c2.net mail archive
Re: Columbia crypto box
daemon@ATHENA.MIT.EDU (Bill Frantz)
Mon Feb 10 19:03:39 2003
X-Original-To: cryptography@wasabisystems.com
X-Original-To: cryptography@wasabisystems.com
In-Reply-To: <b295ds$l66$1@abraham.cs.berkeley.edu>
Date: Mon, 10 Feb 2003 16:02:33 -0800
To: cryptography@wasabisystems.com
From: Bill Frantz <frantz@pwpconsult.com>
At 1:26 PM -0800 2/10/03, David Wagner wrote:
>It's hard to believe that RC4 was chosen for technical reasons.
>The huge cost of key setup per packet (equivalent to generating 256
>bytes of keystream and then throwing it away) should dominate the other
>potential advantages of RC4.
The technical reasons people might chose RC4 for an embedded application
like 802.11 WEP include:
* Code size so close to zero as to make no never mind.
* Intermediate data size so close to zero as to make no never mind.
* Fast key setup (Forget tossing the 256 bytes of key stream.
The designers weren't crypto engineers. Personally, I'd toss the
first 1024.)
* Fast encrypt/decrypt.
* Commonly used in respected security applications (e.g. SSL).
>In any case, WEP would clearly look very different if it had been designed
>by cryptographers, and it almost certainly wouldn't use RC4. Look at
>CCMP, for instance: it is 802.11i's chosen successor to, and re-design
>of, WEP. CCMP uses AES, not RC4, and I think that was a smart move.
I agree. WEP is what you get when you don't seek public review.
Cheers - Bill
-------------------------------------------------------------------------
Bill Frantz | Due process for all | Periwinkle -- Consulting
(408)356-8506 | used to be the Ameican | 16345 Englewood Ave.
frantz@pwpconsult.com | way. | Los Gatos, CA 95032, USA
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
