[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms

> Correct.  The cipher is RC4, which is (last I heard) still thought to be
> okay.  

Okay, but not great.

RC4 is a stream cipher which comes with additional special handling
recommendations ("For best results, discard first N bytes of output
after keying").

> The problem is that WEP generates keys by a distinctly non-random
> process which produces many closely-related keys, and nobody thought to
> ask whether this was a weakness.  It is.

The WEP related-key attacks exploit the first-byte weaknesses of RC4.

					- Bill