Beefy Boxes and Bandwidth Generously Provided by pair Networks
There's more than one way to do things

Re^3: Crypt::CipherSaber replacement... Crypt::CBC?

by Anonymous Monk
on Jan 17, 2013 at 04:03 UTC ( #1013698=note: print w/replies, xml ) Need Help??

in reply to Re^2: Crypt::CipherSaber replacement... Crypt::CBC?
in thread Crypt::CipherSaber replacement... Crypt::CBC?

I can actually nearly guarantee his system is secure...

You are correct that using the same key twice with the RC4 algorithm alone would indeed create two streams that could be used to derive the keystream. However, this is what the initialization vector is for. It's appended to the key before encryption and sent in the clear to be used for decryption. It's not part of the key (it's no secret), but it ensures that two identical messages sent with identical keys will always result in different keystreams (and ciphertext). Two examples of ciphersaber-created ciphertext cannot simply be XOR'd together to glean anything useful.

The way these IV's are chosen and they way they express themselves in the ciphertext can be determined looking at a rather large number of messages with the same key. THIS is why WEP is screwed up. If you create the key array more than once (ciphersaber-2 does this), or don't use the key many times, it's secure.

I know this is very old, but I can't leave a page that's relatively prevalent on Google searches with significant errors on it. RC4 with properly chosen keys is not broken by any means.

  • Comment on Re^3: Crypt::CipherSaber replacement... Crypt::CBC?

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://1013698]
and all is quiet...

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (4)
As of 2017-03-23 05:42 GMT
Find Nodes?
    Voting Booth?
    Should Pluto Get Its Planethood Back?

    Results (282 votes). Check out past polls.