spf-discuss

RE: Updates on SRS crypto

2004-02-11 09:21:42


Good point.

Ok, drop MD5 from consideration and any other known weak systems.

Thanks, it makes issues much, much easier for me. It's like you are 
doing a presidential debate and the candidate suddenly decides to 
appear in flared trousers. Perfectly functional but off message.

RC4 is *very* fast.  Fast implementations of RC4 are a matter of a
dozen or so lines of code.  RC4 has been studied a lot and as long as
you have a reasonably large initial-value (IV) block.  

Err, that would not be a good description of the situation. RC4 is
very fragile, the design in SSL was done by one of the very best
people in the business. It is very easy to make a blooper with a 
stream cipher and that is why lots of us never use them. 

The problem is not the strength of the stream cipher itself (although 
this is an issue with RC4), block ciphers are very forgiving of protocol
errors in a way that stream ciphers are not. WEP v1 is perfectly
secure if you use a block cipher.

The other problem is that setup on stream ciphers tends to be much 
more expensive than for block ciphers and is rarely done in hardware.
I don't know that RC4 would be an advantage speed wise, it could be 
worse for this message size.

(Why WEP chose
to use only 3 bytes, I have no idea.)  RC4 can easily generate as
large or as small of a "hash" token as you want.  Accelerators are
available if you need really fast systems.

WEP chose 3 bytes because they tried to avoid using messages to 
establish a crypto context. Those 3 bytes are required in every 
packet sent. Not good at all :-(

        Phill

