#1

    Combining RC4 and MD5 to remove the well-known bias in RC4


    I'd like to share the idea that a combination of RC4 and MD5 may remove
    the well-known bias of RC4, as a mitigation against the attacks described in
    this paper: http://www.rc4nomore.com/slides_usenix2015.pdf
    (RC4 NOMORE)

    In simple terms:

    *) first we capture 16 bytes of the RC4 keystream

    *) hash the captured bytes with MD5

    *) XOR the hash against the captured bytes to produce the final keystream
    for encryption/decryption.


    A very simple example source code is available here:
    Index of /crypto/rc4_mdX

    You need to download the md5 folder as well, because in the example
    source code it will be included in order to generate a monolithic
    one-file executable. Of course you are free to change the source code if
    you prefer including differently.


    [Edit]: Forgot to mention that it's not only eliminating the known bias of RC4 but
    also, to some extent, acts as a protection against a simple revelation of either the MD5 hash
    or the RC4 keystream based on known plaintext, according to my current knowledge.
    Last edited by Karl-Uwe Frank; May 19th, 2017 at 01:17 PM.
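The scheme described above, as an added Python example (not the rc4_mdX code linked in the post, which is not reproduced on this page); it assumes the RC4 output is consumed in consecutive 16-byte blocks, each hashed with MD5 and XORed with its own digest, and it checks plain RC4 against published test vectors so the combined keystream can be compared side by side:

```python
import hashlib


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Plain RC4: key-scheduling (KSA) followed by n bytes of PRGA output."""
    S = list(range(256))
    j = 0
    for i in range(256):                       # KSA
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):                         # PRGA
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def rc4_md5_keystream(key: bytes, n: int) -> bytes:
    """Post's scheme: take 16 RC4 bytes, MD5 them, XOR the digest into the block.

    Assumption (not stated on the page): the RC4 output is consumed in
    consecutive 16-byte blocks, each masked by its own MD5 digest.
    """
    blocks = -(-n // 16)                       # ceil(n / 16)
    raw = rc4_keystream(key, blocks * 16)
    out = bytearray()
    for off in range(0, len(raw), 16):
        block = raw[off:off + 16]
        digest = hashlib.md5(block).digest()   # 16-byte hash of the 16-byte block
        out.extend(a ^ b for a, b in zip(block, digest))
    return bytes(out[:n])


def xor_crypt(key: bytes, data: bytes, keystream=rc4_md5_keystream) -> bytes:
    """Stream-cipher encrypt/decrypt: the same XOR works in both directions."""
    ks = keystream(key, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


if __name__ == "__main__":
    msg = b"Attack at dawn"                    # constructed sample input
    ct = xor_crypt(b"Secret", msg)
    assert xor_crypt(b"Secret", ct) == msg
    print("plain RC4:", xor_crypt(b"Secret", msg, rc4_keystream).hex())
    print("RC4+MD5  :", ct.hex())
```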
#2
    In both previous postings I used the terminology "remove" and
    "eliminating" in the context of the well-known bias of RC4, which is incorrect.

    Actually, in the published scheme the bias of RC4 still persists, because
    it's inherent to the algorithm. The scheme will just "cover" this bias
    by "interweaving" the RC4 keystream with its hash value and therefore
    make it far more complicated to exploit.

    To my current understanding an attacker would need to separate the RC4
    keystream and the MD5 hash from the applied encryption keystream in
    order to mount an attack, which I assume is a very difficult task.

    But perhaps someone here can offer any idea on how to manage an attack
    on this primitive scheme?
