Which kind of cipher is RC4?
Stream cipher
What are the main characteristics of a stream cipher?
What is the main goal of stream ciphers?
The main goal is for the randomness of the stream key to completely destroy the statistical properties of the message.
What can cause security issues in a bad stream cipher implementation?
If the implementation reuses the stream key, it can compromise the implementation. Whenever the stream key is reused, we can recover messages (using book cipher, for example).
In which mode is RC4 operated?
RC4 is operated in the output feedback mode (OFB)
How does RC4 work?
What is the keystream?
It is the pseudo-random sequence generated by RC4 based on IV (initialization vector) and K (the key).
What is crucial to the security of the RC4 algorithm?
It is crucial to the security of the RC4 algorithm that the keystream is never reused. Otherwise we would have two IVs (initialization vectors) with IV1 = IV2 under the same key, and the XOR of the two plaintexts can then be obtained:
C1 XOR C2 = P1 XOR RC4(IV,K) XOR P2 XOR RC4(IV, K) = P1 XOR P2
What is the key length of the RC4 algorithm?
Since the key is used only as a seed, the key length is variable up to 2048 bits.
Explain in detail how RC4 works.
RC4 uses two byte arrays of 256 elements: S[0,255], K[0,255].
Step 1: Initialize the arrays
    for all elements of S:
        S[i] = i;
    j := 0
    for i from 0 to 255
        j := (j + S[i] + key[i mod keylength]) mod 256
        swap values of S[i] and S[j]
    endfor
Step 2: Generate the key stream
    i := 0
    j := 0
    while GeneratingOutput:
        i := (i + 1) mod 256
        j := (j + S[i]) mod 256
        swap values of S[i] and S[j]
        K := S[(S[i] + S[j]) mod 256]
        output K
    endwhile
Step 3: XOR the keystream with the plain text or the cipher text
How secure is RC4 against brute-force attacks?
Trying every possible key using brute force:
How secure is RC4 against differential and linear cryptanalysis attacks?
RSA claims that RC4 is immune to differential and linear cryptanalysis, and no small cycles are known.
Is a 40-bit key length secure enough?
NO! It is not secure against brute-force attacks.
Which transfer protocol uses RC4 with a key length of 40 bits?
SSL, which therefore lacks security.
Are there any known weaknesses of RC4?
Yes, depending on the details of the key scheduling method, it leads to severe vulnerabilities.
Is there any recommendation to make RC4 more secure?
Yes, to discard the first 3072 bits of the keystream.