Re: Arcfour in Ada

[Thomas Boschloo <nospam@multiweb.nl>]

Julian Morrison wrote:
> 
> "Thomas Boschloo" <nospam@multiweb.nl> wrote:
> 
> > Why did you decide to go for arcfour and not the AES
> > http://www.nist.gov/aes ?
> > [...]
> >
> > AES seems so much more secure in the long run than RC4!
> 
> AFAIK, the AES cypher is more secure in that you can safely reuse keys.
> It's also newer, though, and new crypto is less trustable. AES is also a
> very gread deal more CPU churn and overhead than Arcfour. Since you can
> only encrypt in blocks of four bytes, you need extraneous header info to
> show where the contents end, and you need to CBC the blocks together. If
> you're encrypting a lot of small things (such as in Fling's routeballs)
> the overheads will add up.

That makes sense. I believe you could perhaps use an escape character to
identify the end of a string. Like (and I have to dig deep into my
memory now) when you send a bit string, you could say that '000' marks
the end of your bit string. If you need to actualy send '000' you pad it
like '0010' or something like that. I am a bit rusty, have to look it up
in my old study books.

A better example might be the way printf and scanf work in C. '/' is the
escape character (like '/n', '/0', etc.) and if you actually want to
send a '/' you just send a '//'. It need not take up a lot of
bandwidth/space I think. But I don't know much about implementing TCP. I
do know that the freedom network stopped using fixed sized packages in
version 2.1 or something, because it took up too much bandwidth. I seem
to remember that they also use UDP for something but I am confusing
myself now. The good thing about UDP is that you don't have to set up a
connection to send data. It doesn't have to point back to you (which is
good if you want to be anonymous).

Well, who do I think I am :-) I'm sure you already know all you need to
know and more ;-)

Regards & Good luck,
Thomas
-- 
Jessica "I'm not bad, I'm just drawn that way"