[8684] in cryptography@c2.net mail archive


Re: Requesting feedback on patched RC4-variant

daemon@ATHENA.MIT.EDU (Greg Rose)
Tue Apr 24 17:49:49 2001

Message-Id: <4.3.1.0.20010425074018.01ae4660@203.30.171.11>
Date: Wed, 25 Apr 2001 07:46:00 +1000
To: nikitab@cs.berkeley.edu (Nikita Borisov)
From: Greg Rose <ggr@qualcomm.com>
Cc: cryptography@wasabisystems.com
In-Reply-To: <9c4e77$96m$1@abraham.cs.berkeley.edu>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed

At 05:47 PM 4/24/2001 +0000, Nikita Borisov wrote:
>In article <4.3.1.0.20010424070403.01adbe48@203.30.171.11>,
>Greg Rose  <ggr@qualcomm.com> wrote:
> >As Perry points out, you need integrity protection anyway, whether using
> >RC4 or not. But I'd like to point out that this is one of the few things
> >*not* really wrong with WEP. Remember that the signal is being sent using
> >DSSS (Direct sequence spread spectrum, similar to CDMA digital phones) and
> >the chances of an attacker being able to change just one bit, or a targeted
> >selection of bits, in a message, is essentially zero.
>
>Of course it's difficult to modify a message while it's in transit.
>However, WEP does not prevent replay attacks, so it is possible to
>replay a previously transmitted frame with appropriate modifications.
>Some people have also suggested tricks to me that can ensure that the
>original message never gets received, if that is a concern.  I stand by
>the claim that integrity protection is important in a protocol such as
>WEP.

I absolutely agree that integrity protection is necessary, and I didn't 
mean to say otherwise. And you're right, I didn't think about bit-twiddling 
in a replayed frame (but doesn't the too-short frame counter thing prevent 
replay to some extent?).

You're right and I withdraw my comment.

Anyway, as a lover of stream ciphers, I just get upset when people point 
out the bit-twiddling attack, without realising that they are implicitly 
endorsing using block ciphers without robust integrity protection instead. 
If it needs integrity protection, add a MAC, and the ciphers are on even 
ground again.

Greg.



Greg Rose                                       INTERNET: ggr@qualcomm.com
Qualcomm Australia          VOICE:  +61-2-9817 4188   FAX: +61-2-9817 5199
Level 3, 230 Victoria Road,                http://people.qualcomm.com/ggr/
Gladesville NSW 2111    232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C




---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@wasabisystems.com
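
The bit-twiddling attack and the "add a MAC" remedy discussed in the message above, as an added example that is not part of the original message: an RC4 ciphertext is altered without the key, then the same change is rejected once the frame carries a MAC. The names `xor_patch`, `seal` and `unseal`, the choice of HMAC-SHA256 with a per-message RC4 key derived from a nonce, and the sample message are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4; encryption and decryption are the same keystream XOR."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # key scheduling
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for byte in data:                          # keystream generation
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(byte ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def xor_patch(ct: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Turn known plaintext `old` at `offset` into `new` without the key."""
    patched = bytearray(ct)
    for n, (a, b) in enumerate(zip(old, new)):
        patched[offset + n] ^= a ^ b
    return bytes(patched)

def seal(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || HMAC-SHA256 over both."""
    nonce = os.urandom(16)
    msg_key = hmac.new(enc_key, nonce, hashlib.sha256).digest()  # fresh key per message
    body = nonce + rc4(msg_key, plaintext)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()

def unseal(enc_key: bytes, mac_key: bytes, frame: bytes):
    """Return the plaintext, or None if the frame fails verification."""
    if len(frame) < 48:                        # 16-byte nonce + 32-byte tag
        return None
    body, tag = frame[:-32], frame[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, body, hashlib.sha256).digest()):
        return None                            # reject before decrypting anything
    msg_key = hmac.new(enc_key, body[:16], hashlib.sha256).digest()
    return rc4(msg_key, body[16:])

if __name__ == "__main__":
    ct = rc4(b"constructed key", b"PAY 100 TO BOB")               # constructed sample
    print(rc4(b"constructed key", xor_patch(ct, 4, b"1", b"9")))  # altered, undetected
    frame = seal(b"k-enc", b"k-mac", b"PAY 100 TO BOB")
    print(unseal(b"k-enc", b"k-mac", xor_patch(frame, 16 + 4, b"1", b"9")))  # None
```

The tag detects modification only: a replayed, unmodified frame still verifies, so replay protection needs its own counter or nonce check on the receiving side.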
