Keith Lockstone (klockstone@cix.co.uk)
Tue, 6 Apr 1999 21:09 +0100 (BST)
Thanks for the replies, they're most helpful.
In the line:
t = (S[i] + S[j]) mod 256
the 'a+b' operation could be replaced by 'a-b', 'b-a' or 'a XOR b'
with presumably the same result. (This part seems to be a crude
one-way function for extracting the output that does not affect
the generator's internal state)
However, in the line:
j = (j + S[i]) mod 256
can we replace the '+' operator in a similar fashion?
If so, this gives us a family of 2048 generators that could be
selected by using key bits.
and:
>So if you believe that given a few hundred bytes of output of RC4,
>you can recover the initial state of the S array, whatever it happened to
>be, then RC4(+r) is of exactly the same strength as RC4.
>
>On the other hand, if you believe that the key-setup part of RC4 is the
>weak bit (so that the arrays S that result from RC4's key setup routine
>are in some sense easier to break than starting with random permutations
>for S), then RC4(+r) may be stronger, since it produces a different (though
>related) set of initial arrays S.
Should also apply.
Also, am I right in thinking that there is a problem when i = j?
Keith.
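
An added example, not part of the original post: a Python sketch of the RC4 generator with the two '+' operations discussed above made selectable, so one can check which substitutions touch the internal state, and what happens when i = j. The function names, the `xor_swap` flag (an XOR swap without a temporary, a common implementation shortcut that the post does not mention) and the identity starting array used to force i = j are assumptions of this example.

```python
# Replacements for '+' named in the post, all reduced mod 256.
OPS = {
    "a+b": lambda a, b: (a + b) & 0xFF,
    "a-b": lambda a, b: (a - b) & 0xFF,
    "b-a": lambda a, b: (b - a) & 0xFF,
    "a^b": lambda a, b: a ^ b,
}

def ksa(key):
    """Standard RC4 key setup: returns the initial permutation S."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S

def prga(S, n, out_op="a+b", j_op="a+b", xor_swap=False):
    """Generate n bytes. Returns (keystream, final S, visited (i, j) pairs)."""
    S = list(S)                      # work on a copy of the caller's state
    i = j = 0
    out, trace = [], []
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = OPS[j_op](j, S[i])       # the line "j = (j + S[i]) mod 256"
        if xor_swap:
            # No temporary: when i == j this zeroes the element.
            S[i] ^= S[j]; S[j] ^= S[i]; S[i] ^= S[j]
        else:
            S[i], S[j] = S[j], S[i]  # harmless no-op when i == j
        t = OPS[out_op](S[i], S[j])  # the line "t = (S[i] + S[j]) mod 256"
        out.append(S[t])
        trace.append((i, j))
    return bytes(out), S, trace

def is_permutation(S):
    return sorted(S) == list(range(256))

if __name__ == "__main__":
    S = ksa(b"Key")                  # constructed sample key
    for name in OPS:
        _, s_out, _ = prga(S, 512, out_op=name)
        _, s_j, _ = prga(S, 512, j_op=name)
        print(name, "output op leaves state unchanged:", s_out == prga(S, 512)[1],
              "| j op keeps S a permutation:", is_permutation(s_j))
    # Identity array (constructed): the first step has i == j == 1.
    print("xor swap, i == j:", prga(list(range(256)), 1, xor_swap=True)[1][:4])
```

The output operator only selects which entry of S is emitted, and any j update still drives a plain swap, so S stays a permutation in both families; only the XOR swap loses an element when i = j.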