
taw comments on Bullying the Integers - Less Wrong Discussion

13 Post author: sixes_and_sevens 15 December 2010 05:40PM


Comment author: taw 16 December 2010 12:33:45AM 1 point

But WEP is a perfect example. WEP is a protocol which uses RC4 for crypto.

RC4 was a really bad proprietary cipher to use, with well known weaknesses even back then, and with key sizes providing no security margin at all. It is essentially a horrible cipher, and they could have barely chosen a worse one while even pretending they tried.

And yet, even with all such horrible decisions about RC4, the primary problem was still not in RC4. WEP didn't even use RC4 correctly. RC4 only tries to be secure if you don't reuse IVs, otherwise all bets are off. WEP completely ignored that. Mishandling IVs/nonces is not even anything obscure - it's one of the basics.

Comment author: ciphergoth 16 December 2010 07:44:01AM 4 points
  • What then-known weaknesses in RC4 do you have in mind?

  • I don't get your meaning about key sizes, could you be more specific?

  • WEP does not re-use IVs.

Comment author: taw 17 December 2010 12:51:58AM 4 points

WEP uses 24-bit IVs. Birthday paradox guarantees IV reuse.

Original WEP uses a 40-bit key. This is already borderline broken, so any extra weakness moves us into the trivially-broken-in-seconds territory WEP occupies now.

RC4 weak key schedule.
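The birthday-paradox claim about 24-bit IVs, worked out numerically. This is an added example, not code from the thread or from any WEP implementation; the packet rate in `main` is a constructed figure for illustration only.

```python
"""Birthday bound on WEP's 24-bit IV space (added example, not from the thread)."""
import math

IV_BITS = 24
IV_SPACE = 1 << IV_BITS  # 16,777,216 distinct IVs


def collision_probability(n: int, space: int = IV_SPACE) -> float:
    """P(at least one IV repeats) among n IVs drawn uniformly from `space`.

    Exact product form, accumulated in log space so nothing underflows.
    """
    if n > space:  # pigeonhole: more IVs than values, a repeat is certain
        return 1.0
    log_no_repeat = 0.0
    for k in range(n):  # the k-th IV must avoid the k already used
        log_no_repeat += math.log1p(-k / space)
    return 1.0 - math.exp(log_no_repeat)


def packets_until_probability(p: float, space: int = IV_SPACE) -> int:
    """Smallest n such that collision_probability(n) >= p, for 0 < p < 1."""
    log_no_repeat = 0.0
    n = 0
    while 1.0 - math.exp(log_no_repeat) < p:
        log_no_repeat += math.log1p(-n / space)
        n += 1
    return n


def expected_packets_until_repeat(space: int = IV_SPACE) -> float:
    """Leading term of the mean number of IVs sent before the first repeat."""
    return math.sqrt(math.pi * space / 2)


def main() -> None:
    # Constructed, illustrative rate; real traffic varies widely.
    packets_per_second = 500
    print(f"IV space: {IV_SPACE} values ({IV_BITS} bits)")
    print(f"Expected packets until first IV repeat: {expected_packets_until_repeat():.0f}")
    for p in (0.5, 0.99):
        n = packets_until_probability(p)
        print(f"P(repeat) >= {p:.0%} after {n} packets "
              f"(~{n / packets_per_second:.0f} s at {packets_per_second} pkt/s)")


if __name__ == "__main__":
    main()
```

Compared with the 16.7 million IVs available, a repeat is more likely than not after a few thousand packets, so on a busy link the "never reuse an IV" requirement fails in seconds rather than years.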