RE: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
The problem with WEP is that although there's a secret part to the key (40
or 104 bits), that part never changes. The IV is 24 bits which means that
there are only 2^24 possible streams. Even assuming that the IVs are
uniformly random, you can expect collisions after a few thousand packets.
But we're not here to discuss WEP. I only brought it up as an example of
how key-length does not equal security.
-----Original Message-----
From: owner-ipsec@lists.tislabs.com
[mailto:owner-ipsec@lists.tislabs.com]On Behalf Of Henry Spencer
Sent: Monday, June 16, 2003 6:14 PM
To: IP Security List
Subject: Re: Editorial: Use of MAY in draft-ietf-ipsec-ikev2-algorithms
On Mon, 16 Jun 2003, Bill Sommerfeld wrote:
> > Correct. The cipher is RC4, which is (last I heard) still thought to be
> > okay.
>
> Okay, but not great.
> RC4 is a stream cipher which comes with additional special handling
> recommendations ("For best results, discard first N bytes of output
> after keying").
My impression is that said recommendation applies only with non-random
keys. When I dug into this (albeit briefly) a while back, I was unable to
find any source for that recommendation which didn't trace back to WEP's
disastrously non-random key-generation procedure.
I would be curious to know whether this is still an issue *with* good
random-bits keys. (With a reference, not just folklore; my suspicion is
that the WEP problem is being over-generalized in the folklore.)
Henry Spencer
henry@spsystems.net
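
Added example, not part of the original thread: the 24-bit IV point from the reply at the top, worked through in Python. It computes the birthday bound for uniformly random IVs and shows that a repeated IV yields the same RC4 keystream whether the fixed secret is 40 or 104 bits. The function names, the sample IV, secrets and packets are constructed for illustration, and the WEP integrity value (CRC-32 ICV) is left out.

```python
import math

IV_BITS = 24  # WEP IV size given in the message above

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of generator output."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def wep_encrypt(iv: bytes, secret: bytes, plaintext: bytes) -> bytes:
    """WEP keys RC4 with IV || secret; the CRC-32 ICV is left out here."""
    stream = rc4_keystream(iv + secret, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, stream))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def collision_probability(packets: int, iv_bits: int = IV_BITS) -> float:
    """P(at least two of `packets` uniformly random IVs are equal)."""
    space = 2 ** iv_bits
    if packets > space:
        return 1.0
    return 1.0 - math.exp(sum(math.log1p(-k / space) for k in range(packets)))

def packets_for_probability(target: float, iv_bits: int = IV_BITS) -> int:
    """Smallest packet count whose IV-collision probability reaches target."""
    space, log_unique, n = 2 ** iv_bits, 0.0, 0
    while 1.0 - math.exp(log_unique) < target:
        log_unique += math.log1p(-n / space)
        n += 1
    return n

if __name__ == "__main__":
    print("P(collision) at 5000 packets:", round(collision_probability(5000), 3))
    print("packets for 50%:", packets_for_probability(0.5))
    iv = bytes.fromhex("a1b2c3")  # constructed IV, reused for two packets
    p1, p2 = b"constructed packet one", b"constructed packet two"
    for secret in (bytes(5), bytes(13)):  # constructed 40- and 104-bit secrets
        c1, c2 = wep_encrypt(iv, secret, p1), wep_encrypt(iv, secret, p2)
        # Same IV and secret give the same keystream, which cancels out.
        print(len(secret) * 8, "bit:", xor_bytes(c1, c2) == xor_bytes(p1, p2))
```

The collision figures depend only on the IV size, so they are identical for both secret lengths.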