[144660] in cryptography@c2.net mail archive

Re: Fast MAC algorithms?

daemon@ATHENA.MIT.EDU (Joseph Ashwood)
Sat Aug 1 13:04:27 2009

From: "Joseph Ashwood" <ashwood@msn.com>
To: <cryptography@metzdowd.com>
In-Reply-To: <4A73CA72.90408@echeque.com>
Date: Sat, 1 Aug 2009 05:33:23 -0700

--------------------------------------------------
From: "James A. Donald" <jamesd@echeque.com>
Subject: Re: Fast MAC algorithms?

> james hughes wrote:
>>
>> On Jul 27, 2009, at 4:50 AM, James A. Donald wrote:
>>> No one can break arcfour used correctly - unfortunately, it is tricky to 
>>> use it correctly.
>>
>> RC-4 is broken when used as intended.
...
>> If you take these into consideration, can it be used "correctly"?
>
> Hence "tricky"

By the same argument a Vigenère cipher is "tricky" to use securely, same 
with monoalphabetic and even Caesar. Not that RC4 is anywhere near the 
brokenness of Vigenère, etc, but the same argument can be applied, so the 
argument is flawed.

The question is: What level of heroic effort is acceptable before a cipher 
is considered broken? Is AES-256 still secure? 3-DES? Right now, to me 
AES-256 seems to be about the line, it doesn't take significant effort to 
use it securely, and the impact on the security of modern protocols is 
effectively zero, so it doesn't need to be retired, but I wouldn't recommend 
it for most new protocol purposes. RC4 takes excessive heroic efforts to 
avoid the problems, and even teams with highly skilled members have gotten 
it horribly wrong. Generally, using RC4 is foolish at best.
                    Joe 

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com