
Re: ARC4 algorithm

From: Marcus Watts <mdw(at)umich.edu>
Date: Sat Mar 15 2003 - 21:28:57 EST


> > Leopard9 is also too new to be trusted. It's apparently only about a month

Passing numerical tests is not a proof of security. Failing numerical tests does not prove insecurity.

random() passes many numerical tests. It's still lousy.

rc4 with all 0 bytes of output deleted should fail many numeric tests.

It's still nearly as secure as the original byte stream.

Shannon's information theory says that given a prng with N bits of internal state, after 2N output bits, you should be able to start predicting future output bits with increasingly good accuracy. All prngs have this issue. The usual assumption is that there's no attack short of exhaustive search to guess bits. This assumes an open review process with objective smart people, and still doesn't constitute a proof. It took people 20 years to understand some of the design issues with DES.

> One time pads are unbreakable.

True one time pads have very large keys, a serious key distribution problem, and aren't a substitute for a random number generator.


One time pads with a prng are not "true" one time pads. Most stream ciphers do use this design, nearly always with xor. RC4 and DES in OFB mode are both examples of this. You've already described RC4 as insecure.

-Marcus

Received on Sat Mar 15 21:30:06 2003
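As an added illustration of the point in the message above (example code written for this archive page, not Marcus's or any project's code): generate an RC4 keystream, delete every zero byte, and run a simple byte-frequency chi-square test over both streams. The raw stream looks uniform and passes; the zero-deleted stream fails outright, even though deleting zeros leaks nothing a keystream attacker did not already have. The key, sample size and pass line are constructed for the demo.

```python
from collections import Counter
from typing import Iterator

def rc4_keystream(key: bytes) -> Iterator[int]:
    """Standard RC4: key scheduling (KSA), then the keystream generator (PRGA)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    while True:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) & 0xFF]

def take(stream: Iterator[int], n: int, drop_zero: bool = False) -> bytes:
    """Collect n keystream bytes; with drop_zero, every 0x00 byte is deleted first."""
    out = bytearray()
    for b in stream:
        if not (drop_zero and b == 0):
            out.append(b)
        if len(out) == n:
            return bytes(out)

def chi_square_bytes(data: bytes) -> float:
    """Chi-square of the 256 byte-value counts against uniform (255 df).
    A value near 255 'looks uniform'; the test says nothing about predictability."""
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(v, 0) - expected) ** 2 / expected for v in range(256))

# Crude pass line: mean + 4 standard deviations of a chi-square with 255 df (~345).
THRESHOLD = 255 + 4 * (2 * 255) ** 0.5
KEY = b"constructed-example-key"   # constructed key for the demo, not from the post
N = 1 << 16

def compare(key: bytes = KEY, n: int = N) -> dict:
    """Return the statistic for the raw keystream and for the zero-deleted one."""
    plain = take(rc4_keystream(key), n)
    filtered = take(rc4_keystream(key), n, drop_zero=True)
    return {"plain_chi": chi_square_bytes(plain),
            "filtered_chi": chi_square_bytes(filtered),
            "filtered_zeros": filtered.count(0)}

if __name__ == "__main__":
    print(compare(), "pass line:", round(THRESHOLD, 1))
```

With n = 65536 the empty 0x00 bucket alone contributes 256 to the filtered statistic, so the filtered stream lands near 512 and fails the 345 line while the raw stream sits near 255.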

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 13:29:52 EDT

