Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
> Correct. The cipher is RC4, which is (last I heard) still thought to be
> okay.
Okay, but not great.
RC4 is a stream cipher which comes with additional special handling
recommendations ("For best results, discard first N bytes of output
after keying").
> The problem is that WEP generates keys by a distinctly non-random
> process which produces many closely-related keys, and nobody thought to
> ask whether this was a weakness. It is.
The WEP related-key attacks exploit the first-byte weaknesses of RC4.
- Bill