RC4 x 2 rounds
in [Cryptography]
|
From: Dave -Turner on 11 Jan 2010 17:30 RC4 is such a simple and fast algorithm ... ok there are a few attacks against it, but what if I encrypted the stream twice, using two unrelated keys. (Two "rounds" if you will, but with different keys obviously, as using same key in RC4 simply decrypts the original) How much additional security would this secound round provide (if any)? Thankyou
From: robertwessel2 on 11 Jan 2010 18:34 On Jan 11, 4:30 pm, "Dave -Turner" <ad...(a)127.0.0.1> wrote: > RC4 is such a simple and fast algorithm ... ok there are a few attacks > against it, but what if I encrypted the stream twice, using two unrelated > keys. (Two "rounds" if you will, but with different keys obviously, as using > same key in RC4 simply decrypts the original) > How much additional security would this secound round provide (if any)? Well it certainly couldn't hurt security, but what's the point? AES is solid and has performance probably no more than about 25% relative to doing two RC4 rounds on most platforms.
From: Joseph Ashwood on 12 Jan 2010 00:58 "Dave -Turner" <admin(a)127.0.0.1> wrote in message news:EoGdnQXscoA-O9bWnZ2dnUVZ8v6dnZ2d(a)westnet.com.au... > RC4 is such a simple and fast algorithm ... ok there are a few attacks > against it, but what if I encrypted the stream twice, using two unrelated > keys. (Two "rounds" if you will, but with different keys obviously, as > using > same key in RC4 simply decrypts the original) > How much additional security would this secound round provide (if any)? Without too much examination, a na�ve look says that the biases would reduce from 2^-24 to 2^-48, still insecure. To reach secure levels would require RC4*4. A more in depth analysis will give more accurate numbers. Joe
From: unruh on 12 Jan 2010 13:57 On 2010-01-12, Joseph Ashwood <ashwood(a)msn.com> wrote: > "Dave -Turner" <admin(a)127.0.0.1> wrote in message > news:EoGdnQXscoA-O9bWnZ2dnUVZ8v6dnZ2d(a)westnet.com.au... >> RC4 is such a simple and fast algorithm ... ok there are a few attacks >> against it, but what if I encrypted the stream twice, using two unrelated >> keys. (Two "rounds" if you will, but with different keys obviously, as >> using >> same key in RC4 simply decrypts the original) >> How much additional security would this secound round provide (if any)? > > Without too much examination, a na?ve look says that the biases would reduce > from 2^-24 to 2^-48, still insecure. To reach secure levels would require I believe that 2^24 is the number of letters you need to be able to detect the biases in RC4. The ability to use those biases to gain any information about the text transmitted is pretty open to question. Ie, does this actually make it insecure as a crypto-system. > RC4*4. A more in depth analysis will give more accurate numbers. > Joe >
From: Keith on 15 Jan 2010 08:47
Dave -Turner wrote: > RC4 is such a simple and fast algorithm ... ok there are a few attacks > against it, but what if I encrypted the stream twice, using two unrelated > keys. (Two "rounds" if you will, but with different keys obviously, as using > same key in RC4 simply decrypts the original) > How much additional security would this secound round provide (if any)? From what I've read, you may be better off in terms of both security and speed (if using RC4 is unavoidable), by just dropping the first x bytes of the keystream, where a conservative value for x might be 3072 bytes. See http://www.users.zetnet.co.uk/hopwood/crypto/scan/cs.html#RC4-drop for a brief discussion. |