Re: What benefit would there be in using triple RC4-40?

Marcus Watts (mdw@umich.edu)
Mon, 24 Aug 98 14:47:36 -0400

• Next message: David Honig: "Re: Encryption is like a locked suitcase"
• Previous message: Robert Hettinga: "WPI Cryptography Courses"
• In reply to: Mail System Internal Data: "DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA"
• Next in thread: David Honig: "Re: What benefit would there be in using triple RC4-40?"

If MS-CAPI's version of RC4 inserts a header, then it ought to be
possible to defeat that by just throwing away the first few bytes
of output from RC4. I suppose an easy way to check that would be
to encrypt 2 different things with the same key, then see how many
bytes at the start of the encrypted result are the same. Or, perhaps
even simplier, encrypt 20 random bytes, and see how many bytes of output
you get (if there are 20 bytes of output, there can't be any encrypted
header).

If you're going to nest RC4 3 times in parallel, you definitely
need to be sure the keys you use are different for all 3 passes,
otherwise, the results will be just as if you encrypted with RC4
once.

You might be better off alternating RC2 and RC4. Even if you only
used RC2 in ecb mode, it's still going to scramble 8 bytes at a time,
which should make the result significantly stronger. It might also be
entertaining to add some extra simple key driven data transposition
inbetween those calls as well. I believe almost anything you can
do to mix data between 8-byte intermediate results is going to
improve the resulting strength.

                                -Marcus Watts
                                UM ITD PD&D Umich Systems Group

• Next message: David Honig: "Re: Encryption is like a locked suitcase"
• Previous message: Robert Hettinga: "WPI Cryptography Courses"
• In reply to: Mail System Internal Data: "DON'T DELETE THIS MESSAGE -- FOLDER INTERNAL DATA"
• Next in thread: David Honig: "Re: What benefit would there be in using triple RC4-40?"