'Re: Re: Is AES better than RC4'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       cryptography
Subject:    Re: Re: Is AES better than RC4
From:       "Joseph Ashwood" <ashwood () msn ! com>
Date:       2006-05-25 10:15:38
Message-ID: 009c01c67fe5$1c68b3e0$6401a8c0 () GQ7000
[Download RAW message or body]

----- Original Message ----- 
From: "Ed Gerck" <edgerck@nma.com>
Subject: [!! SPAM] Re: Is AES better than RC4


> Please note that my email was way different in scope. My opening
> sentence, where I basically said that it does not make much sense
> to compare RC4 with AES, was cut in your quote -- but here it is:
>
> "AES has more uses and use modes than RC4, in addition to the fact that
> it encrypts more than one byte at once. Having said that, it is curious
> to note the following misconceptions:"

Yes I did snip that out. I figured everything we agreed on could be left out 
easily enough. I apologize for removing something you considered core to 
your view.

> BTW, discarding the first 100's of bytes in RC4 is easy, fast, and
> has nothing to with lack of "key agility". And, if you do it, you don't
> even have to hash the key (ie, you must EITHER hash the key OR discard the
> first bytes).

>From my view it does. Every extra clock cycle has an impact on key agility, 
even 1 byte of RC4 discards slows the rekeying process, and as a result it 
does affect the effective key agility. That only 256 discards are necessary 
does not mean that those extra 256*(clock cycles per pull) clock cycles 
don't affect key agility. At what point do we say "This affects key agility" 
when it increases the time by 1%? 10%? 100%? If we don't consider every 
cycle to reduce key agility it's all just a matter of scale. This does mean 
that different implementations will have different key agilities, but if you 
look hostorically RC2 makes a great example of where the attacker has 
substantially more key agility than the legitimate user, so it is not 
without precedent.
                    Joe
                Joe 


---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic