[Ach] Network Operations Division Cryptographic Requirements

Hanno Böck hanno at hboeck.de
Wed Mar 8 13:39:26 CET 2017


On Wed, 8 Mar 2017 12:25:27 +0000
Aaron Zauner <azet at azet.org> wrote:

> Yeah, it's not really up to date. I guess purging the first 1024
> bytes in the bitstream of RC4 would make bias attacks far harder as
> the biases are at the beginning of the stream. In general this seems
> to be stupid advice, though.

It was actually common advice for "safe" RC4 usage for quite a while to
throw away the first bytes. TLS also does that. I don't recall the exact
order of events and which paper established what, but over time the
number of bytes that had to be thrown away grew larger and larger and
at some point it was shown that RC4 has smaller biases all over the
keystream and there's no amount of bytes to throw away that makes it
safe in all situations.


-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno at hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
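As an added illustration that is not part of this thread, the following Python sketch implements RC4 with the "discard the first n keystream bytes" variant the message refers to, and counts how often the second keystream byte is 0 over many random keys (the well-known Mantin-Shamir bias: about 2/256 instead of the 1/256 an unbiased stream would give). The key count, key length and RNG seed are constructed values chosen for this demonstration.

```python
import random


def rc4_keystream(key: bytes, length: int, drop: int = 0) -> bytes:
    """Return `length` RC4 keystream bytes for `key`, after discarding the
    first `drop` bytes (the 'RC4-drop[n]' usage discussed in the thread)."""
    # Key-scheduling algorithm (KSA)
    S = list(range(256))
    j = 0
    klen = len(key)
    for i in range(256):
        j = (j + S[i] + key[i % klen]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # Pseudo-random generation algorithm (PRGA)
    out = bytearray()
    i = j = 0
    for n in range(drop + length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        if n >= drop:  # bytes before `drop` are generated but thrown away
            out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def random_keys(count: int, key_len: int = 16, seed: int = 1) -> list:
    """Constructed sample: `count` pseudo-random keys from a seeded RNG so the
    measurement below is reproducible (not a cryptographic key source)."""
    rng = random.Random(seed)
    return [bytes(rng.getrandbits(8) for _ in range(key_len)) for _ in range(count)]


def bias_at(position: int, value: int, keys: list, drop: int = 0) -> float:
    """Fraction of keystreams whose byte at `position` (after dropping `drop`
    bytes) equals `value`; an unbiased stream gives 1/256 ~= 0.0039."""
    hits = 0
    for key in keys:
        if rc4_keystream(key, position + 1, drop)[position] == value:
            hits += 1
    return hits / len(keys)


if __name__ == "__main__":
    keys = random_keys(30000)
    print("P[Z_2 = 0] measured: %.5f" % bias_at(1, 0, keys))
    print("uniform expectation: %.5f" % (1 / 256))
```

The second-byte bias is large enough to show up with a few tens of thousands of keys, while the smaller biases further into the keystream that the message mentions need far more samples than this sketch collects, which is exactly why "drop n bytes" looked adequate for so long.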