Re: stream ciphers (Re: 128 bit block ciphers)
Adam Back says:
> > Similarly to having to remember not to re-use IVs.
> Ah, but you get "remembering" not to re-use IVs for free -- you just
> use random ones, or for some block modes just non-repeating IVs.
> Using random offsets is impractical due to the performance penalty of
> spinning the PRNG by 2^(IV size).
Also true - however limited offsets could be used more or less
safely with small-size plaintexts (say, up to a few KBytes)...
> > > rc4-key-schedule( iv || s2k( passphrase ) )
> > A possibility. Would need more time to evaluate it...
> It has a sort of precedent, so must (one presumes!) have been looked
> at in that the export versions of SSL cipher suites with RC4
> (RC4-40-RSA-MD5) use the construct...
(:-) So much the better.
> Probably: rc4-key-schedule ( s2k( iv || passphrase ) )
> would be better as it uses the hash in the s2k for mixing rather than
> relying partly on rc4 key schedule (which the rc4-key-schedule( iv ||
> s2k (passphrase) ) does ).
> Ah, yes, I suspected you were thinking of SEAL in your earlier
> comments on offsets :-) ... SEAL is more than a stream cipher, it is a
> pseudo-random function family, so spinning to arbitrary points comes
> for free with SEAL. Very nice, agreed. But that trick doesn't work
> with RC4.
(:-( What can I say... But maybe, just maybe the idea can be [partially]
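The two derivations contrasted above, worked through as an added Python example (not code from the thread): since the thread does not define s2k, a single SHA-256 stands in for it, and the passphrase and IVs are constructed sample values. The script measures how many RC4 key bytes actually change between two IVs under each construction, which is the "mixing" point at issue.

```python
import hashlib

def rc4_ksa(key: bytes) -> list:
    """RC4 key-scheduling algorithm (KSA): build the initial permutation S from the key."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s

def rc4_keystream(key: bytes, n: int) -> bytes:
    """RC4 PRGA: return the first n keystream bytes for the given key."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def s2k(data: bytes) -> bytes:
    """Stand-in string-to-key function: one SHA-256 (an assumption; the thread does not fix s2k)."""
    return hashlib.sha256(data).digest()

def key_concat(iv: bytes, passphrase: bytes) -> bytes:
    """First construction in the thread: rc4-key-schedule( iv || s2k( passphrase ) )."""
    return iv + s2k(passphrase)

def key_hashed(iv: bytes, passphrase: bytes) -> bytes:
    """Second construction in the thread: rc4-key-schedule( s2k( iv || passphrase ) )."""
    return s2k(iv + passphrase)

def differing_bytes(a: bytes, b: bytes) -> int:
    """Count positions at which two equal-length byte strings differ."""
    return sum(x != y for x, y in zip(a, b))

def encrypt(derive, iv: bytes, passphrase: bytes, plaintext: bytes) -> bytes:
    """XOR plaintext with the RC4 keystream of the derived key; the same call decrypts."""
    ks = rc4_keystream(derive(iv, passphrase), len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))

if __name__ == "__main__":
    pw = b"correct horse battery staple"      # constructed sample passphrase
    iv_a, iv_b = bytes(8), bytes([0xFF] * 8)  # two constructed 8-byte IVs
    for name, derive in (("iv||s2k(pw)", key_concat), ("s2k(iv||pw)", key_hashed)):
        k_a, k_b = derive(iv_a, pw), derive(iv_b, pw)
        print(f"{name}: {differing_bytes(k_a, k_b)}/{len(k_a)} RC4 key bytes change with the IV")
```

Under the first construction only the IV prefix of the RC4 key changes between IVs (the s2k part is identical), while under the second the whole key is rehashed for each IV.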