Flashcards in RC4 Deck (16):

1

## Which kind of cypher is RC4?

### Stream cypher

2

## What are the main characteristics of a stream cipher?

###
- Emulate one-time pad

- process message bit by bit (as stream)

- have a pseudo-random keystream

- combined (XOR) with plain text bit by bit

3

## Which is the main goal of the stream cyphers?

### The main goal is the randomness of stream key completely destroys statistical properties in message

4

## What can cause security issues in a bad stream cipher implementation?

### If the implementation reuses the stream key, it can compromise the implementation. Whenever the stream key is reused, we can recovery messages (using book cipher, for example).

5

## In which mode is RC4 operated?

### RC4 is operated in the output feedback mode (OFB)

6

## How does RC4 work?

###
1. The encryption algorithm generates a pseudo-random sequence RC4(IV, K) that depends only on the key K and an initialization vector IV

2. The plain text is then XORed with the pseudo-random sequence to obtain the cipher text and vice versa.

C1 = P1 XOR RC4(IV1, K)

P1 = C1 XOR RC4(IV1, K)

7

## What is the keystream?

### It is the pseudo-random sequence generated by RC4 based on IV (initialization vector) and K (the key).

8

## What is crucial to the security of the RC4 algorithm?

###
It is crucial to the security of the RC4 algorithm that the keystream is never reused, otherwise we would have two IV (initialization vectors) in which holds that IV1 = IV2 with the same key and then the XOR of two plain text can be obtained.

C1 XOR C2 = P1 XOR RC4(IV,K) XOR P2 XOR RC4(IV, K) = P1 XOR P2

9

## What is the key length of the RC4 algorithm?

### Since the key is used only as a seed, the key length is variable up to 2048 bit.

10

## Explain in details how does RC4 work.

###
RC4 uses two byte arrays of 256 elements: S[0,255], K[0,255].

Step1: Initialize the arrays

for all elements of S:

S[i] = i;

j := 0

for i from 0 to 255

j := (j + S[i] + key[i mod keylength]) mod 256

swap values of S[i] and S[j]

endfor

Step 2: generate the key stream

i := 0

j := 0

while GeneratingOutput:

i := (i + 1) mod 256

j := (j + S[i]) mod 256

swap values of S[i] and S[j]

K := S[(S[i] + S[j]) mod 256]

output K

endwhile

Step 3: XOR the keystream with the plain text or the cipher text

11

## How is the security of RC4 regarding to brute force attacks?

###
Trying every possible key using bruteforce:

- the variable key length of up to 2048 bit allows to make this kind of attack impractical.

- By reducing the key length can also be made arbitrarily insecure.

12

## How is the security of RC4 regarding to differential and linear cryptanalysis attacks?

### RSA claims that RC4 is immune to differential and linear cryptanalysis, and no small cycles are known.

13

## Is a 40bit key length secure enough?

### NO! It is not secure against brute force attacks

14

## Which transfer protocol uses RC4 with a key length of 40bit?

### SSL, which lacks security then.

15

## There are any known weaknesses of RC4?

### Yes, depending on the details of the key scheduling method it leads to severe vulnerabilities.

16