Subject: Re: Using RC4 as a randomness pool
From: David Wagner (daw mozart.cs.berkeley.edu)
Date: Mon Oct 23 2000 - 19:29:59 CDT
- Next message: Steve Reid: "Re: Using RC4 as a randomness pool"
- Previous message: Ulf Möller: "Re: OpenSSL 3DES inner chaining?"
- In reply to: Niels Möller: "Using RC4 as a randomness pool"
- Next in thread: Steve Reid: "Re: Using RC4 as a randomness pool"
- Reply: David Wagner: "Re: Using RC4 as a randomness pool"

Niels Möller wrote:
>Is there anything obviously wrong with using rc4 (aka arcfour) as a
>randomness pool? It's a lot simpler than most other pools I've seen
>described.

I don't trust RC4 as a hashing function. It is not very good at
stirring input bytes (as witnessed by, e.g., Roos weak key class,
various related-key attacks, and other unpublished bad properties of the
key schedule). Thus, I recommend against using it as a way to stir in
entropy (and I see no reason to prefer it).

It's probably ok as a way of stretching good bits that you extracted
from an entropy pool, but of course, any stream or block cipher would
do for this application.

Why don't you tell us what your performance bound is, and maybe we can
find some other way to achieve it with better-studied primitives?
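
The point about poor stirring can be measured directly. The following is an added example, not part of the message above: it runs the standard RC4 key schedule over random inputs and counts how often state byte S[i] equals the value from Roos's published observation, K[0]+...+K[i] + i(i+1)/2 mod 256. The trial count, key length, seed and function names are assumptions chosen for the illustration.

```python
import random


def rc4_ksa(key):
    """Standard RC4 key schedule; returns the 256-entry state permutation."""
    state = list(range(256))
    j = 0
    for i in range(256):
        j = (j + state[i] + key[i % len(key)]) & 0xFF
        state[i], state[j] = state[j], state[i]
    return state


def roos_prediction(key, i):
    """Most likely value of S[i] after the key schedule, per Roos's observation."""
    key_sum = sum(key[k % len(key)] for k in range(i + 1))
    return (key_sum + i * (i + 1) // 2) & 0xFF


def measure_bias(trials=4000, key_len=16, positions=8, seed=2000):
    """Fraction of random inputs for which S[i] matches the prediction."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    hits = [0] * positions
    for _ in range(trials):
        key = [rng.randrange(256) for _ in range(key_len)]
        state = rc4_ksa(key)
        for i in range(positions):
            if state[i] == roos_prediction(key, i):
                hits[i] += 1
    return [h / trials for h in hits]


if __name__ == "__main__":
    baseline = 1 / 256  # match rate expected from a well-mixed state
    for i, rate in enumerate(measure_bias()):
        print(f"S[{i}]: match rate {rate:.3f} (ideal mixing: {baseline:.4f})")
```

A well-mixed state would match the prediction about 0.4% of the time; the early state bytes match far more often, so bytes fed in as "entropy" remain visible as a simple sum in the pool state.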