Chapter 11
Conclusion
In the preceding chapters we have presented a detailed study of the RC4 KSA
and PRGA and their variants. In this short final chapter, we summarize the
current status in RC4 research.
• The design is nice and simple.
• It invites a lot of cryptanalytic results.
• The cipher is well studied.
• The cipher requires discarding some amount of initial keystream bytes.
• To date, RC4 is quite safe as a 128-bit stream cipher.
• Different approaches to incorporate IV and MAC in RC4 may be possible,
but one needs to be careful regarding the security issues.
• Hardware at the speed of one byte per clock is available [112,155].
RC4+ is a modified version of RC4 for a better security margin. Even with
the technical arguments and empirical evidence, the security claim of RC4+
is a conjecture, as is the case with many of the existing stream ciphers. No
immediate weakness of the new design could be observed, and the cipher is
subject to further analysis.
11.1 Safe Use of RC4
With respect to all the analysis so far, we can list the following precautions
that need to be considered before using RC4.
1. Always throw away a few initial keystream output bytes. Typically, throwing
away 1024 bytes removes most of the weaknesses.
2. Avoid broadcasting under different keys if the initial output bytes are
not thrown away.
3. Do not append or prepend the IV. Mix it in a non-obvious, complex manner.
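An added example, not taken from the book: precaution 1 written as RC4 with an initial discard, plus a measurement of the well-known bias of the second keystream byte toward 0 (a result not detailed on this page), with and without throwing away 1024 bytes. The function names, the seeded 128-bit test keys and the trial count are assumptions of this example.

```python
import random

def rc4_keystream(key: bytes, length: int, drop: int = 0) -> bytes:
    """Return `length` RC4 keystream bytes after discarding the first `drop`."""
    # KSA: build the key-dependent permutation of 0..255
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    # PRGA: one output byte per step; the first `drop` bytes are thrown away
    i = j = 0
    out = bytearray()
    for n in range(drop + length):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        if n >= drop:
            out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def second_byte_zero_rate(trials: int, drop: int, seed: int = 1) -> float:
    """Fraction of random 128-bit keys whose 2nd emitted byte is 0 (ideal: 1/256)."""
    rng = random.Random(seed)  # constructed test keys, seeded for repeatability
    zeros = 0
    for _ in range(trials):
        key = bytes(rng.getrandbits(8) for _ in range(16))
        zeros += rc4_keystream(key, 2, drop)[1] == 0
    return zeros / trials

if __name__ == "__main__":
    # Compare the raw keystream with the keystream after the 1024-byte discard.
    for drop in (0, 1024):
        rate = second_byte_zero_rate(20000, drop)
        print(f"drop={drop:4d}  P(2nd byte = 0) = {rate * 256:.2f}/256")
```

Without the discard the measured rate sits near 2/256 instead of the ideal 1/256; with `drop=1024` it falls back to about 1/256.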