Re: More Snake oil

Steve Reid (sreid@alpha.sea-to-sky.net)
Tue, 11 Aug 1998 12:35:11 -0700 (PDT)

• Next message: Adam Back: "Re: More Snake oil"
• Previous message: Julian Assange: "Re: More Snake oil"
• In reply to: Brian C. Lane: "More Snake oil"
• Next in thread: proff@iq.org: "Re: More Snake oil"

On Tue, 11 Aug 1998, Jim Gillogly wrote:
> 2048-bit RC4 means using 128 bytes of the potential 256-byte key.
> Obviously that's a waste of keying material, but not otherwise
> inherently bogus.

If I recall correctly, the RC4 key schedual is designed to avoid short
cycles, and using long keys can short-circuit that defense. I don't know
what the definition of "long" is.

> Clearly he couldn't <call> it RC4, but other than that I don't see
> why it isn't a good choice for a product that needs a stream cipher,
> assuming the usual precautions are used.

It should be a trivial matter to download the program and encrypt two
files to see if it uses unsalted keys. I'd do it myself, but I'm not
running M$-Windoze.

>From the web page:
> ....Our customers are especially impressed when we distribute them a
> Self Extracting Encrypted File!" Bill Jameson, Satisfied Customer

Self-extracting encrypted file! Free copy of BackOrifice included!

• Next message: Adam Back: "Re: More Snake oil"
• Previous message: Julian Assange: "Re: More Snake oil"
• In reply to: Brian C. Lane: "More Snake oil"
• Next in thread: proff@iq.org: "Re: More Snake oil"