ietf-openpgp

Re: Next Steps

2007-11-06 16:30:16

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On Nov 6, 2007, at 2:18 PM, Hal Finney wrote:


I would be very cautious about using RC4. Every year it seems to get
weaker. In the past year alone there have been four new attacks on it
published on the eprint.iacr.org servers: 2007/305, 2007/261, 2007/208,
and 2007/070. I would not be at all enthusiastic about putting it into
OpenPGP.

Yes, but there are also ways that you can use RC4 to make it safer. I
think that if there were an RC4 draft that had those things taken
into account, it might be okay. This has the drawback of OpenPGP
having *another* eccentricity in its crypto use, but there's
a good reason for the eccentricity.

I'm willing to look at a sketch of how it could be made safe.

        Jon




-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 2.6.3
Charset: US-ASCII

wj4DBQFHMPRQsTedWZOD3gYRAkz8AJY3tkUwnQkRSOvEmJqcXnl6pCzRAKDjlsgs
6sMVmeRGWa6HFX1Igv4D5A==
=q2Xo
-----END PGP SIGNATURE-----
