Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
On Mon, 16 Jun 2003, Bill Sommerfeld wrote:
> > Correct. The cipher is RC4, which is (last I heard) still thought to be
> > okay.
>
> Okay, but not great.
> RC4 is a stream cipher which comes with additional special handling
> recommendations ("For best results, discard first N bytes of output
> after keying").
My impression is that said recommendation applies only with non-random
keys. When I dug into this (albeit briefly) a while back, I was unable to
find any source for that recommendation which didn't trace back to WEP's
disastrously non-random key-generation procedure.

I would be curious to know whether this is still an issue *with* good
random-bits keys. (With a reference, not just folklore; my suspicion is
that the WEP problem is being over-generalized in the folklore.)

Henry Spencer
henry@spsystems.net