Securing online communications
M J D Brown
ukcrypto at chiark.greenend.org.uk
Sun, 28 Dec 2008 18:21:45 -0000
On Thursday, December 25, 2008 at 0926 Ian Batten wrote:
> On 24 Dec 2008, at 09:22, John Brazier wrote:
>
>> Ian wrote:
>>
>>>> RC4 is very fast, and I don't believe that
>>>> (publicly, at least) there are worrying results against it.
>>
>> Really? I'd understood RC4 to be deprecated now, due to the several
>> attacks on it. Or were you thinking of a specific context?
>
> I thought the practical attacks on RC4 were actually attacks on WEP key
> management and implementation (like Enigma, the cipher is stronger
> than its usage). But I'd be very happy for someone to talk crypto on
> ukcrypto. My reading of what I've seen is that with decent length
> keys re-generated for each connection and with the nonce values
> regenerated afresh it would be fine. I'll pass the time between
> milestones in cooking lunch finding out...

As nobody yet seems to have responded, here is my 2p-worth:

Reviewing the RC4 setup procedure which disorders the S-box array under
control of the secret message key, which will be completely familiar to
ukcrypto readers of course, we have the following process:

1. Fill the 256-byte S-array with the ordered set of byte values
   0...255
2. Fill the 256-byte K-array with the secret key, repeating as
   necessary to fill the entire array.
3. Disorder the S-array:
     j = 0
     for i = 0 to 255
       j = (j + S(i) + K(i)) mod 256
       swap(S(i), S(j))

A suggested method of combining a repeated use of a secret key for
multiple messages with a nonce and effectively discarding the initial
output of the RC4 stream generator is:

a. Perform step 1 as above.
b. Perform step 2 as above.
c. Perform step 3 as above.
d. Generate a random nonce string.
e. Perform step 2 using the nonce string instead of the secret key.
f. Perform step 3.
g. Perform step 2 using the secret key string again.
h. Perform step 3.

The nonce string is prepended to the message cipher text for use by the
recipient who is presumed to possess the secret key already.

Seasonal greetings to all,
Mike.
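
The key/nonce/key setup in steps a to h above, written out in Python as an added example (not code from the original post). The 16-byte nonce length, the function names, the sample key and the standard RC4 output generator are assumptions, since the post gives only the setup procedure.

```python
import os

NONCE_LEN = 16  # assumption: the post does not specify a nonce length

def ksa_pass(S, material):
    """Steps 2 and 3: repeat `material` across K, then disorder S in place."""
    if not material:
        raise ValueError("key or nonce must be non-empty")
    K = [material[i % len(material)] for i in range(256)]
    j = 0  # step 3 restarts j at 0 on every pass
    for i in range(256):
        j = (j + S[i] + K[i]) % 256
        S[i], S[j] = S[j], S[i]

def schedule(key, nonce):
    """Steps a-h: fill S once, then run key, nonce, key passes over it."""
    S = list(range(256))            # step 1 (a), performed only once
    for material in (key, nonce, key):
        ksa_pass(S, material)       # b+c, then e+f, then g+h
    return S

def keystream(S, n):
    """Standard RC4 output generator (assumed; not shown in the post)."""
    S, i, j, out = S[:], 0, 0, bytearray()  # copy so the caller's S is kept
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)

def encrypt(key, plaintext, nonce=None):
    """Step d plus encryption; returns nonce || ciphertext."""
    nonce = os.urandom(NONCE_LEN) if nonce is None else nonce
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be NONCE_LEN bytes")
    ks = keystream(schedule(key, nonce), len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))

def decrypt(key, blob):
    """Recipient side: split off the prepended nonce, rebuild S, XOR."""
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    ks = keystream(schedule(key, nonce), len(body))
    return bytes(c ^ k for c, k in zip(body, ks))

if __name__ == "__main__":
    key = b"constructed sample key"  # constructed value, not from the post
    blob = encrypt(key, b"hello ukcrypto")
    print(blob.hex(), decrypt(key, blob))
```

Two messages encrypted under the same key and the same nonce get the same keystream, so the nonce has to be fresh for every message.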