Path: cactus.org!news.dell.com!swrinde!howland.reston.ans.net!math.ohio-state.edu!caen!msuinfo!netnews.upenn.edu!netaxs.com!unix3.netaxs.com!soneill
From: soneill@unix3.netaxs.com (Steve O'Neill)
Newsgroups: sci.crypt
Subject: Re: Doing Better than XOR in RC4-like Algorithms
Date: 16 Nov 1994 12:31:51 GMT
Organization: Netaxs Internet BBS and Shell Accounts
Lines: 24
Message-ID: <3acu3n$36j@netaxs.com>
References: <3a7llc$kej@netaxs.com>
NNTP-Posting-Host: unix3.netaxs.com

In reply to Stewart Strait's answer to my statement that using the same key for two messages in RC4 doesn't necessarily make analyzing the resulting cryptexts trivial, I must state that his comments on finding frequencies of occurrence are quite valid _if_ the plaintext is English text.

However, in my original post, I did say that "in the general case", XORing out the common key doesn't help. To me, this means that the "plaintext" can be binary, compressed text, Fijian text, or anything else. If an attacker doesn't know in advance what the nature of the original messages is, having the XOR of two messages in front of him doesn't give him _any_ information. If it did, then every one-time pad ever devised would have been broken, since XORing one unknown message with another unknown message is equivalent to a one-time pad.

Of course, this illustrates the old dictum that the biggest difficulties in keeping information secret are operational, not functional. IF you can keep possible attackers from gaining _any_ knowledge of the nature of your transmissions, then an encryption algorithm like RC4 can keep your information confidential. In the real world, however, this is almost impossible to guarantee. So, from an operational point of view, changing keys for every transmission is an absolute requirement.

Steve O'Neill
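
The relation this thread turns on, as an added example (not part of the original post): with one RC4 key used for two messages the keystream cancels, so c1 XOR c2 equals p1 XOR p2 and anything later learned about one message carries over to the other; with a fresh key per message the relation does not hold. The keys and messages are constructed sample values, and `compare` is a helper name introduced here.

```python
def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream output."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def rc4(key: bytes, data: bytes) -> bytes:
    # RC4 encryption and decryption are the same operation.
    return xor(data, rc4_keystream(key, len(data)))


def compare(key1: bytes, key2: bytes, p1: bytes, p2: bytes):
    """Encrypt p1 under key1 and p2 under key2, then work from ciphertexts.

    Returns (keystream_cancelled, p2_guess): whether c1 XOR c2 equals
    p1 XOR p2, and what falls out when p1 is XORed into c1 XOR c2.
    """
    c1, c2 = rc4(key1, p1), rc4(key2, p2)
    combined = xor(c1, c2)
    return combined == xor(p1, p2), xor(combined, p1)


# Constructed sample inputs: one text message, one binary message, same length.
P1 = b"status report: all clear"
P2 = bytes(range(0x80, 0x80 + len(P1)))
SHARED = b"constructed-shared-key"   # hypothetical key reused for both messages
FRESH = b"constructed-second-key"    # hypothetical per-message key

if __name__ == "__main__":
    print("same key:  ", compare(SHARED, SHARED, P1, P2))
    print("fresh keys:", compare(SHARED, FRESH, P1, P2))
```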