Re: Arcfour in Ada

["Sam Simpson" <sam@samsimpson.com>]

Thomas Boschloo <nospam@multiweb.nl> wrote in message
news:3AA239E8.BB9AA911@multiweb.nl...
>
> Benjamin Goldberg wrote:
> >
> > Thomas Boschloo wrote:
>
> > > http://fling.sourceforge.net/wiki/index.php?full=arcfour
> > >
> > > Why did you decide to go for arcfour and not the AES
> > > http://www.nist.gov/aes ? AFAIK Arcfour or RC4 was originally a
> > > 'security by obscurity' cypher (Arcfour was (now illegal) reverse
> > > engineered from RC4 by www.rsa.com).
> >
> > Arcfour is not illegal, but the name "RC4" is trademarked.  To use a
> > cipher called "RC4" without liscencing that trademark is illegal.  To
> > use the algorithm is perfectly legal.
>
> I guessed with the new DMCA (digital millenium copyright act), reverse
> engineering RC4 might be deemed illegal as it possibly could be seen as
> some form of 'protection' that is circumvented. I mean, what is all the
> fuzz about DeCSS, 2600, eff about?! IANAL.

It may be illegal now, but the the public release of RC4 predates DMCA.


<SNIP>

> Funny that DoD doesn't have Rijndael in Ada, as they developed Ada in
> the first place :-P

I'm sure they do have AES in Ada, but that doesn't mean they have to publish
the fact?

> > > Couldn't you just use the 128 bit block size of Rijndael as a
> > > (somewhat small) buffer for your traffic? Be honest, what would be the
> > > overhead from the 128 bit boundaries?
> >
> > How much overhead?  I'd say up to 128 bits.  Plus having a 128 bit IV.

Use one of the chaining modes that can encrypt single bytes etc.

> > > AES seems so much more secure in the long run than RC4!
> >
> > But AES is slower, more awkward, and has more overhead.

Only if used in CBC.

> > Also, even if
> > ARC4 might not be not quite as secure as AES, it is surely *secure
> > enough* for this application.

Good point....

--
Regards,

Sam
http://www.scramdisk.clara.net/