Re: What's wrong with this RC4?

sci.crypt archive

From: Andrew Pogrebennyk <andrew86@voliacable.com>
Date: Tue Dec 20 2005 - 18:31:42 CET

On Tue, 20 Dec 2005 00:19:04 -0800, giorgio.tani wrote:

>> I was trying to write my own RC4 (or, to say, ARCFOUR) implementation and
>> for almost half a day I could do nothing with the following simple code:
> Hi, I hope I can be useful to you with some links and advice:
> http://en.wikipedia.org/wiki/RC4 is IMHO well written and a good
> starting point for RC4 basics, example code and general warnings about
> RC4 issues; if you aim to understand RC4 or even build something
> containing it, you should also carefully understand them.
> http://ciphersaber.gurus.com/ is an ARCFOUR implementation targeted to
> be easy to understand and implement properly (the ciphersaber
> implementation, especially ciphersaber2, also fixes some of RC4's
> issues); example code in many languages was available on
> www.xs4all.nl/~cg/ciphersaber but I have not been able to reach that URL
> for some time.
> http://cypherpunks.venona.com/date/1994/09/msg00434.html is one of
> the first posts revealing alleged RC4 code.
> If you know the Delphi/Pascal language family, you may (IMHO) find
> my page http://giorgiotani.interfree.it/s_crypto_tools.html interesting,
> with some FreePascal code about ARCFOUR and some modifications in key
> scheduling and in the cypher itself (experimental, passes randomness
> tests, so they *probably* give random output as expected of a stream
> cypher, but it's not enough to be confident about using it in non-
> experimental applications!) (btw, the code is not as simple as RC4
> could be, since my implementation is aimed at allowing multiple stream
> cyphers to run contemporaneously). The page itself contains other maybe
> interesting links about RC4 and crypto.

Thanks for the information. Wikipedia and this Internet-draft:
http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt
actually served as guidelines. I've already learnt about CipherSaber and
will try to implement it someday, perhaps even with an HMAC addition. By
the way, all the resources with source code of CipherSaber that I'm aware
of are not available these days... I've only found one ultra-short Perl
implementation. Though, CipherSaber really seems not to be
complicated to implement from scratch.

Thanks,
Andrew
Received on Fri Dec 23 20:11:16 2005