[8681] in cryptography@c2.net mail archive
Re: Requesting feedback on patched RC4-variant
daemon@ATHENA.MIT.EDU (Nikita Borisov)
Tue Apr 24 16:12:47 2001
To: cryptography@wasabisystems.com
From: nikitab@cs.berkeley.edu (Nikita Borisov)
Date: 24 Apr 2001 17:47:19 GMT
Message-ID: <9c4e77$96m$1@abraham.cs.berkeley.edu>
X-Complaints-To: news@abraham.cs.berkeley.edu
In article <4.3.1.0.20010424070403.01adbe48@203.30.171.11>,
Greg Rose <ggr@qualcomm.com> wrote:
>As Perry points out, you need integrity protection anyway, whether using
>RC4 or not. But I'd like to point out that this is one of the few things
>*not* really wrong with WEP. Remember that the signal is being send using
>DSSS (Direct sequence spread spectrum, similar to CDMA digital phones) and
>the chances of an attacker being able to change just one bit, or a targeted
>selection of bits, in a message, is essentially zero.
Of course it's difficult to modify a message while it's in transit.
However, WEP does not prevent replay attacks, so it is possible to
replay a previously transmitted frame with appropriate modifications.
Some people have also suggested tricks to me that can ensure that the
original message never gets received, if that is a concern. I stand by
the claim that integrity protection is important in a protocol such as
WEP.
- Nikita
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
