[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms

On Mon, 16 Jun 2003, Bill Sommerfeld wrote:
> > Correct.  The cipher is RC4, which is (last I heard) still thought to be
> > okay.  
> Okay, but not great.
> RC4 is a stream cipher which comes with additional special handling
> recommendations ("For best results, discard first N bytes of output
> after keying").

My impression is that said recommendation applies only with non-random
keys.  When I dug into this (albeit briefly) a while back, I was unable to
find any source for that recommendation which didn't trace back to WEP's
disastrously non-random key-generation procedure. 

I would be curious to know whether this is still an issue *with* good
random-bits keys.  (With a reference, not just folklore; my suspicion is
that the WEP problem is being over-generalized in the folklore.)

                                                          Henry Spencer