comp.lang.ada
From: Benjamin Goldberg <goldbb2@earthlink.net>
Subject: Re: Arcfour in Ada
Date: Tue, 27 Feb 2001 03:54:23 GMT
Message-ID: <3A9B242E.D7D177A8@earthlink.net>
In-Reply-To: 3A9ADBAE.EFF0B8AC@multiweb.nl

Thomas Boschloo wrote:
> 
> Julian Morrison wrote:
> >
> > http://download.sourceforge.net/fling/arcfour-ada-1.0.0.tar.gz
> >
> > This code has been created for use with the Fling project
> > (http://fling.sourceforge.net/).
> >
> > This is ArcFour (Alleged RC4), CipherSaber variant, capable of
> > CipherSaber-1 and CipherSaber-2. It is coded in Ada, and is
> > dependent on AUnit and Formatted_Output (available via the AdaPower
> > site). It's probably pretty GNAT-dependent too, since I've had no
> > need to compile it anywhere else. If you want fixes, send patches
> > and/or bug reports via Fling's SourceForge patch tracker.
> >
> > This code has been placed in the public domain by its author.
> >
> > Release notes: first full release, all unit tests pass, but it may
> > be implementation dependent.
> 
> http://fling.sourceforge.net/wiki/index.php?full=arcfour
> 
> Why did you decide to go for arcfour and not the AES
> http://www.nist.gov/aes ? AFAIK Arcfour or RC4 was originally a
> 'security by obscurity' cypher (Arcfour was (now illegal) reverse
> engineered from RC4 by www.rsa.com).

Arcfour is not illegal, but the name "RC4" is trademarked.  To use a
cipher called "RC4" without licensing that trademark is illegal.  To
use the algorithm is perfectly legal.

The algorithm of RC4 was a trade secret, meaning that some "security by
obscurity" was involved, but in spite of that, the algorithm is still
fairly secure.

> I understand that you might like the idea of a stream-cypher for data
> transmission, but aren't stream and block cyphers thought to be
> somewhat identical in functionality by cryptographers?

Whoa!  No way, man!  Where did you get that weird idea?  Stream and
block ciphers are *very* different.  I'm not going to explain how they
work, but here's the pros and cons of each:

Stream cipher, pros:
You can encipher one byte [one word] at a time, fairly quickly.
Stream cipher, cons:
You can't use the same key to encipher more than one message.

Block cipher, pros:
You can use one key to encipher more than one message.
Block cipher, cons:
You must encipher multiples of the block size.
Fairly CPU intensive; slow.

ARC4 pros:
Well known, easily memorized, hard to incorrectly implement.
5 clocks per byte of keystream.
ARC4 cons:
Minor bias in first bytes, (avoidable, discard first N bytes).
Tiny correlation over large amounts of data (hard for enemy to detect).

AES pros:
Fairly secure, well cryptanalysed.  No known weaknesses.
AES cons:
Complicated, easy to screw up... you almost have to copy someone else's
implementation if you want it to be correct.

> Couldn't you just use the 128 bit block size of Rijndael as a
> (somewhat small) buffer for your traffic? Be honest, what would be the
> overhead from the 128 bit boundaries?

How much overhead?  I'd say up to 128 bits.  Plus having a 128 bit IV.

Whereas, with ARC4/Ciphersaber, there's only an 80 bit overhead for an
IV, and no need for this kind of blocking.

> AES seems so much more secure in the long run than RC4!

But AES is slower, more awkward, and has more overhead.  Also, even if
ARC4 might not be quite as secure as AES, it is surely *secure
enough* for this application.

-- 
A solution in hand is worth two in the book.
