Weaknesses in the Key Scheduling Algorithm of RC4

From: aleph1at_private
Date: Fri Aug 03 2001 - 13:25:33 PDT


    Weaknesses in the Key Scheduling Algorithm of RC4
    Scott Fluhrer, Itsik Mantin, and Adi Shamir
    
    In this paper we present several weaknesses in the key scheduling algorithm 
    of RC4, and describe their cryptanalytic significance. We identify a large 
    number of weak keys, in which knowledge of a small number of key bits 
    suffices to determine many state and output bits with non-negligible 
    probability. We use these weak keys to construct new distinguishers for RC4, 
    and to mount related key attacks with practical complexities. Finally, we 
    show that RC4 is completely insecure in a common mode of operation which is 
    used in the widely deployed Wired Equivalent Privacy protocol (WEP, which 
    is part of the 802.11 standard), in which a fixed secret key is 
    concatenated with known IV modifiers in order to encrypt different 
    messages. Our new passive ciphertext-only attack on this mode can recover 
    an arbitrarily long key in a negligible amount of time which grows only 
    linearly with its size, both for 24 and 128 bit IV modifiers.
    
    http://www.eyetap.org/~rguerra/toronto2001/rc4_ksaproc.pdf
    
    -- 
    Elias Levy
    SecurityFocus.com
    http://www.securityfocus.com/
    Si vis pacem, para bellum
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
    Service. For more information on SecurityFocus' SIA service which
    automatically alerts you to the latest security vulnerabilities please see:
    https://alerts.securityfocus.com/
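The mode of operation the abstract singles out (a fixed secret key with a public IV prepended, as in WEP) can be observed directly with a few dozen lines of code. What follows is an added example, not code from the paper, from the authors or from SecurityFocus: it implements the textbook RC4 key scheduling algorithm (KSA) and output generator (PRGA), checks them against the public "Key"/"Plaintext" test vector, and then measures, for IVs of the form (3, 255, X) that the paper identifies, how often the very first keystream byte coincides with the byte that KSA step 4 writes into S[3], the step that consumes the first secret key byte. The per-trial random secrets, the 13-byte secret length, the trial counts and the seed are constructed values; the SHA-256 derivation of a per-packet key is an illustrative mitigation added here as an assumption, not something the paper or the 802.11 standard specifies.

```python
import hashlib
import random

N = 256  # RC4 state size


def rc4_ksa(key: bytes) -> list:
    """RC4 key scheduling algorithm: permute S = [0..255] under the key."""
    S = list(range(N))
    j = 0
    for i in range(N):
        j = (j + S[i] + key[i % len(key)]) % N
        S[i], S[j] = S[j], S[i]
    return S


def rc4_prga(S: list, n: int) -> bytes:
    """RC4 output generator: emit n keystream bytes from a copy of state S."""
    S = S[:]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % N
        j = (j + S[i]) % N
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % N])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt by XOR with the keystream (RC4 is symmetric)."""
    keystream = rc4_prga(rc4_ksa(key), len(data))
    return bytes(p ^ k for p, k in zip(data, keystream))


def known_answer_ok() -> bool:
    """Public RC4 test vector: key "Key", plaintext "Plaintext"."""
    return rc4_crypt(b"Key", b"Plaintext") == bytes.fromhex("BBF316E8D940AF0AD3")


def ksa_partial(key: bytes, steps: int):
    """Run only the first `steps` iterations of the KSA; return (S, j)."""
    S = list(range(N))
    j = 0
    for i in range(steps):
        j = (j + S[i] + key[i % len(key)]) % N
        S[i], S[j] = S[j], S[i]
    return S, j


def first_byte_leak_rate(trials: int, weak_iv: bool, derive_key: bool,
                         seed: int = 1) -> float:
    """Fraction of packets whose first keystream byte equals the value that
    KSA step 4 swaps into S[3] (the step that consumes the first secret byte).

    With key = IV || secret and IV = (3, 255, X), the first three KSA steps
    leave S[0] = 3 and S[1] = 0, so the PRGA's first output is whatever sits
    in S[3] unless one of the remaining ~252 steps touches position 0, 1 or 3.
    That survives with probability about e^-3, so the rate is roughly 5%
    rather than the 1/256 a good stream cipher would give.
    A fresh random secret is drawn per trial (constructed, seeded) so the
    figure is an average over keys, not a property of one key.
    """
    rng = random.Random(seed)
    hits = 0
    for t in range(trials):
        secret = bytes(rng.randrange(N) for _ in range(13))   # WEP-104 sized
        if weak_iv:
            iv = bytes([3, 255, t % N])                       # (A+3, N-1, X), A = 0
        else:
            iv = bytes(rng.randrange(N) for _ in range(3))
        packet_key = iv + secret                              # WEP-style concatenation
        if derive_key:
            # Assumed mitigation for illustration only: hash IV and secret
            # together so the public IV never forms the key's first bytes.
            packet_key = hashlib.sha256(packet_key).digest()[:16]
        S3, j3 = ksa_partial(packet_key, 3)
        j4 = (j3 + S3[3] + packet_key[3]) % N
        predicted = S3[j4]            # value swapped into S[3] at KSA step 4
        z1 = rc4_prga(rc4_ksa(packet_key), 1)[0]
        hits += (z1 == predicted)
    return hits / trials


if __name__ == "__main__":
    print("RC4 test vector ok:", known_answer_ok())
    print("IV||secret, FMS-form IVs: %.3f" % first_byte_leak_rate(2048, True, False))
    print("IV||secret, random IVs:   %.3f" % first_byte_leak_rate(2048, False, False))
    print("hashed per-packet key:    %.3f" % first_byte_leak_rate(2048, True, True))
```

The first measurement lands near 0.05 while the other two stay near 1/256, which is the whole point of the abstract's last sentence: the weakness is not in the XOR or in the key length but in letting an attacker-visible IV occupy the first key bytes fed to the KSA. Deriving the per-packet key through a hash (or, as is commonly recommended for RC4 in general, discarding the initial keystream bytes) removes the structure the distinguisher relies on.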
    



    This archive was generated by hypermail 2b30 : Sun Aug 05 2001 - 09:57:35 PDT