Re: Help with RC4

Don't use RC4 for general purpose encryption. RC4 is a stream cipher which means it is easy to use improperly and compromise security. The most important thing about a stream cipher is never use the same key twice, because the ciphertext can be recovered.

Steam ciphers are useful when a random key is generated for each session, and fast performance and low overhead is needed. RC4 is used this way is SSL, but SSL is very careful to use it properly. A good example of using RC4 improperly is WEP. Through flaws in the protocol, it is possible to discover the key by sniffing the wireless network.

I would suggest using a block cipher, like AES or Blowfish. The Crypt::CBC module handles all the details of chaining modes.

Comment on Re: Help with RC4

Replies are listed 'Best First'.
Re^2: Help with RC4 by TStanley (Canon) on Jul 26, 2004 at 19:37 UTC
FYI: The AES or Advanced Encryption Standard is also known as Crypt::Rijndael TStanley -------- The only thing necessary for the triumph of evil is for good men to do nothing -- Edmund Burke	[reply]
Re^2: Help with RC4 by jmamer (Initiate) on Jul 26, 2004 at 20:31 UTC
Thank you. I had been pondering just this point. I liked RC4 because the package was a "pure perl" implementation and therefore would be transportable outside of the unix perl world. On the otherhand I had my doubts about RC4, but did not know that it was the culprit behind the problems with WEP. Looks like CBC + some block cypher (blowfish, IDEA, etc) is the way to go. regards j.	[reply]
Re^3: Help with RC4 by jdalbec (Deacon) on Jul 27, 2004 at 01:58 UTC
IIRC IDEA is still patented in the US. You may want to take that into account when choosing a cipher.	[reply]