RC4 is known to leak information about the first few bytes of the ciphertext due to keystream biases.

However, are there known attacks on RC4-drop[N], where N is large enough, that leak information about the plaintext?

Edit: I am NOT planning on using this in actual software (I would use ChaCha20, Salsa20, or XSalsa20 instead, which are far more secure and just as fast), but rather interested as a matter of curiosity.

Demi
  • It should be noted that RC4-drop[n] is a fix for the self-defining issue you mentioned but is still not a protocol that should be used and is now considered obsolete even with said theoretical fix e.g.: "RC4 can no longer be seen as providing a sufficient level of security for TLS sessions." from https://tools.ietf.org/html/rfc7465 and https://goo.gl/LxKLgs What problem are you trying to solve? May I suggest NOT using RC4 no matter the 'n'? – jb41 Jan 27 '16 at 04:20

0 Answers