Weaknesses in the Key Scheduling Algorithm of RC4
Scott Fluher, Itsik Mantin, and Adi Shamir
In this paper we present several weaknesses in the key scheduling algorithm
of RC4, and describe their cryptanalytic significance. We identify a large
number of weak keys, in which knowledge of a small number of keys bits
suffices to determine many state and output bits with non-negligible
probability. We use these weak keys to construct new distinguishers for RC4,
and to mount related key attacks with practical complexities. Finally, we
show that RC4 is completely insecure n a common mode of operation which is
used in the widely deployed Wired Equivalent Privacy protocol (WEP, which
is part of the 802.11 standard), in which a fixed secret key is
concatenated with known IV modifiers in order to encrypt different
messages. Our new passive ciphertext-only attack on this mode can recover
an arbitrarily long key in a negligible amount of time which grows only
linearly with its size, both for 24 and 128 bit IV modifiers.
http://www.eyetap.org/~rguerra/toronto2001/rc4_ksaproc.pdf
--
Elias Levy
SecurityFocus.com
http://www.securityfocus.com/
Si vis pacem, para bellum
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Aug 05 2001
Intro
