Cryptography Reference
In the WLAN standard 802.11, it is easy to forge messages and even decipher
them (see also below). You can find an overview of the current RC4 cryptanalysis
at www.wisdom.weizmann.ac.il/~itsik/RC4/rc4.html. As it
appears, the algorithm should be used only with some precautionary measures.
For example, keys and the initialization vector should be generated by means
of cryptographic hash functions (see Section 6.3.1), and a sufficiently large
number of bytes at the beginning of the key stream should be discarded.
You can see that the name 'RC4' itself doesn't mean anything. A good example
is the work described in eprint.iacr.org/2005/007.pdf , which points to the fact
that the initialization vector in RC4-ciphered Microsoft Word and Microsoft
Excel documents doesn't change when the documents are modified: you know
how this vulnerability can be attacked! Also, when designing the WLAN
standard WEP, people initially made almost all errors that can possibly be made
in an RC4 implementation. Obviously not a single cryptologist was involved in
the workgroups. With the related IEEE standard 802.15.4/802.15.4b and mainly
with the ZigBee standard derived from the former (which is interesting, for
example, for self-connecting wireless sensor networks), things look better, but
this is not the topic of this book.
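
The precautions named above (hash-derived keys and IVs, discarding the start of the key stream) together with the effect of an unchanged IV, as an added Python example that is not from the book. The HMAC-SHA-256 derivation, the 3072-byte discard, the sample texts and all function names are assumptions chosen for illustration.

```python
import hashlib
import hmac

DROP = 3072  # assumption: how many initial key stream bytes to discard


def rc4_keystream(key: bytes, n: int, drop: int = 0) -> bytes:
    """Return n RC4 key stream bytes after discarding the first `drop`."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for _ in range(drop + n):  # key stream generation
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out[drop:])


def message_key(secret: bytes, iv: bytes) -> bytes:
    """Mix secret and IV through a hash (HMAC-SHA-256 is an assumption)."""
    return hmac.new(secret, iv, hashlib.sha256).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(secret: bytes, iv: bytes, plaintext: bytes) -> bytes:
    key = message_key(secret, iv)
    return xor(plaintext, rc4_keystream(key, len(plaintext), DROP))


def same_keystream(secret, iv_a, iv_b, p1, p2) -> bool:
    """True if c1 XOR c2 == p1 XOR p2, i.e. the key stream was reused."""
    c1, c2 = encrypt(secret, iv_a, p1), encrypt(secret, iv_b, p2)
    return xor(c1, c2) == xor(p1, p2)


if __name__ == "__main__":
    secret = b"constructed document password"
    v1, v2 = b"draft: pay 100 EUR", b"final: pay 900 EUR"  # constructed
    iv = bytes(16)
    print(same_keystream(secret, iv, iv, v1, v2))               # unchanged IV
    print(same_keystream(secret, iv, bytes([1]) * 16, v1, v2))  # fresh IV
```

With the IV left unchanged between two versions of a document, the XOR of the ciphertexts equals the XOR of the plaintexts whatever the key; a fresh IV per version removes that relation.
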
Thanks to its proliferation in commercial products, RC4 is used by many users
(mostly without their knowing it), and thanks to its simplicity, programmers
could actually build it in their products themselves, of course, with the use of
an initialization vector. That would be a stream cipher for everybody, well, if it
weren't for the license fee to be paid to RSADSI for commercial use. Though
this is rather doubtful, the license fees would probably be less than the cost of
a legal action.
5.7 Other Interesting Methods
Many more ciphering methods are used than you have learnt so far in this
book. In the rest of this chapter on modern methods, I won't even try to give
an overview; you will find one in Schneier [SchnCr]. I have just picked the
most interesting or practically important algorithms and will then introduce yet
another very original cryptanalysis in Section 5.10.
5.7.1 The pkzip Cipher and How to Break It
As the heading of this section suggests, we will again be dealing with a 'weak'
method. You probably know that 'weak' in cryptanalysts' lingo is everything
that has been cracked or where breaking is imminent. In the present case,