Re: More Snake oil

New Message Reply About this list Date view Thread view Subject view Author view

Mark Tillotson (markt@harlequin.co.uk)
Tue, 11 Aug 1998 19:07:44 +0100


jim@mentat.com (Jim Gillogly) wrote:
| Brian Lane writes:
| > The BBC is reporting that a 17 year old kid has implemented 2048 bit RC4
| > and sold copies to a US company for their security. Sounds fishy to me,
| > here's the article link from the BBC
| >
| > http://news.bbc.co.uk/hi/english/sci/tech/newsid_145000/145179.stm
|
| My DNS isn't resolving this host at the moment, but why do you think it
| sounds snakey? 2048-bit RC4 means using 128 bytes of the potential
| 256-byte key. Obviously that's a waste of keying material, but not
| otherwise inherently bogus. Clearly he couldn't <call> it RC4, but
| other than that I don't see why it isn't a good choice for a product
| that needs a stream cipher, assuming the usual precautions are used.
|
| Jim Gillogly

What sounds snake-oily is not that its RC4, but that its some variant of
RC4, with "an extra step in each bit of the encryption of RC4, a
stream cipher technology developed by America's RSA Data Security",
and no mention of session-key generation.

Basically the article is written by someone who is fairly clearly
very ignorant about encryption, so it's hard to be sure what is meant.
The article also fails to give the web address of the teenager in
question! (namely http://www.parkie.ndirect.co.uk/webdesign.htm )

I get the impression that either there's some key-management which
isn't explained, or (more likely) the same key is used for every
encryption you do with the same password... 8(

The phrase "255 byte RC4 encryption" hardly inspires confidence either!

__Mark
[ markt@harlequin.co.uk | http://www.harlequin.co.uk/ | +44(0)1954 785433 ]


New Message Reply About this list Date view Thread view Subject view Author view

 
All trademarks and copyrights are the property of their respective owners.

Other Directory Sites: SeekWonder | Directory Owners Forum

The following archive was created by hippie-mail 7.98617-22 on Sat Apr 10 1999 - 01:10:58