> Matthew Byng-Maddick[SMTP:[EMAIL PROTECTED]] writes: > > > On Sun, Feb 09, 2003 at 11:43:55PM -0500, Donald Eastlake 3rd wrote: > > been that you either throw away the first 256 bytes of stream key output > > > or use a different key on every message. WEP does neither. TKIP, the new > > > You NEVER, EVER, re-use the key for a stream cipher, if you do, you might > as well just give up. By re-using the key, I can get > plaintext (combinator) plaintext, which is easier to solve than > plaintext (combinator) cipherstream. > > It's one of those things, like re-using a pad. > > MBM > The weird thing about WEP was its choice of cipher. It used RC4, a stream cipher, and re-keyed for every block. . RC4 is not really intended for this application. Today we'd have used a block cipher with varying IVs if neccessary
I suspect that RC4 was chosen for other reasons - ease of export, smallness of code, or something like that. It runs fast, but rekeying every block loses most of that advantage. Just my personal musings.... Peter Trei --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
