Abstract
In this paper we analyze and present some weaknesses and possible attacks on the RC4 stream cipher which were published in many journals. We review some advantages and disadvantages which come from several authors, as well as similarities and differences which can be observed in the published results. Also, we analyze the Key Scheduling Algorithm (KSA) which derives the initial state from a variable size key, and strengths and weaknesses of the RCS stream cipher. Using examples from other papers, we show that RC4 is completely insecure in a common mode of operation which is used in the widely deployed Wired Equivalent Privacy protocol (WEP, which is part of the 802.11 standard).
Highlights
RC4, a fast output-feedback cipher, is one of the most widely used cryptosystems on the Internet, commonly used as the default cipher for SSL/TLS connections [20]
RC4 is comprised of two algorithms: the Key Scheduling Algorithm (KSA) which turns a random key into an initial permutation S of {0,..., N-1}, which uses the secret key to create a pseudo-random initial state, and the Pseudo Random Generation Algorithm (PRGA), which generates the pseudorandom stream to generate a pseudo-random output sequence
Such an Initialization Vector (IV)-based mode of operation is commonly used in stream ciphers in order to generate different PRGA outputs from the same long term key, and the frequent resetting of the PRGA is designed to overcome the unreliable nature of the Wireless LAN environment
Summary
RC4, a fast output-feedback cipher, is one of the most widely used cryptosystems on the Internet, commonly used as the default cipher for SSL/TLS connections [20]. RC4 is comprised of two algorithms: the Key Scheduling Algorithm (KSA) which turns a random key (whose typical size is 40-256 bits) into an initial permutation S of {0,..., N-1}, which uses the secret key to create a pseudo-random initial state, and the Pseudo Random Generation Algorithm (PRGA), which generates the pseudorandom stream to generate a pseudo-random output sequence.
Sign-in/Register to view highlights & summary Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callMore From: International Journal of Advanced Computer Science and Applications
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
