Comments on: Matlab, RC4, and Crypto-Graphics http://www.cryptosmith.com/archives/621 Authentication, crypto, information security, and life with gadgets - Rick Smith Wed, 30 Jun 2010 12:30:42 +0000 hourly 1 http://wordpress.org/?v=abc By: Dr. Rick Smith http://www.cryptosmith.com/archives/621/comment-page-1#comment-8206 Dr. Rick Smith Fri, 22 May 2009 12:52:52 +0000 http://www.cryptosmith.com/?p=621#comment-8206 Regarding the Wikipedia example: originally, the white noise image included a comment admitting that it was <em>not</em> produced by applying the block mode to the plaintext. The white noise image was, in fact, white noise. The image may have been replaced since then, but there's no way to tell. I've been working on this example to produce images that were actually the result of applying a block cipher mode. I posted the failed mode image <em>because</em> the mistake displays itself so clearly. Most of the time, it's hard for a novice to <em>see</em> a cryptographic failure. However, the failure is not a mode failure. This is an RC4 problem, probably caused by using too small of a key: only 64 bits. Back when browsers used so-called 40-bit keys, they incorporated lots of salt to make the actual key length 128 bits. My successful example used the same mode logic, but the RC4 key was built from 64 bits of input and 64 bits of salt. After I'd worked up this example I finally stumbled across AES implemented in Matlab, so now I'm thinking about redoing it all with AES. Regarding the Wikipedia example: originally, the white noise image included a comment admitting that it was not produced by applying the block mode to the plaintext. The white noise image was, in fact, white noise. The image may have been replaced since then, but there’s no way to tell. I’ve been working on this example to produce images that were actually the result of applying a block cipher mode.

I posted the failed mode image because the mistake displays itself so clearly. Most of the time, it’s hard for a novice to see a cryptographic failure. However, the failure is not a mode failure. This is an RC4 problem, probably caused by using too small of a key: only 64 bits. Back when browsers used so-called 40-bit keys, they incorporated lots of salt to make the actual key length 128 bits. My successful example used the same mode logic, but the RC4 key was built from 64 bits of input and 64 bits of salt.

After I’d worked up this example I finally stumbled across AES implemented in Matlab, so now I’m thinking about redoing it all with AES.

]]> By: adam http://www.cryptosmith.com/archives/621/comment-page-1#comment-8205 adam Fri, 22 May 2009 07:26:01 +0000 http://www.cryptosmith.com/?p=621#comment-8205 The ECB image I believe - same as the ECB encrypted linux penguin logo on the wikipedia article on this. However the CBC mode and RC4 images - has to be a mistake or misunderstanding about how you use those modes, there should be nothing whatsoever visible - both should look like white noise. Adam The ECB image I believe – same as the ECB encrypted linux penguin logo on the wikipedia article on this.

However the CBC mode and RC4 images – has to be a mistake or misunderstanding about how you use those modes, there should be nothing whatsoever visible – both should look like white noise.

Adam

]]>