RC4/RC2 exercises
These are similar to the Cryptopals exercises, but are specific to RC2 and RC4.
On RC4:
These exercises will use a 256-byte (2048-bit) RC4 variant, with "128-bit" RC4 being the same 16 bytes repeated.
Exercise 1: Implement 256 byte RC4. Start by testing with the same 16 bytes repeated.
Exercise 2: Read https://www.rc4nomore.com/ and implement the attack. Compare the results of a random 256 byte value with the same 16 byte value repeated.
Exercise 3: With RC4 with the same 16 bytes repeated, make a few bytes a fixed value like 0xFF and the other bytes random. See which bytes of the key stream are affected. Do the same with the full 256 bytes RC4 and compare.
Exercise 4: Make the last three bytes a counter like WEP, and see which bytes of the keystream are affected.
Now, on RC2:
Exercise 1: Implement RC2 in counter mode.
Exercise 2: Implement the attack in https://www.schneier.com/academic/paperfiles/paper-relatedkey.pdf against the keystream.
Exercise 3: According to https://www.schneier.com/academic/smime/download.html : "However, if you shift the whole table over a byte, and then change a couple of bytes, you now have the table for a different key"
See how this affect the mixing/mashing round of RC2. And read the paper https://www.cryptrec.go.jp/exreport/cryptrec-ex-1042-2001.pdf . Create a distinguisher for the keystream based on this information.
Excecise 4: Implement the Schneier attack with 64-bit keys instead of 40-bit keys using something like a GPU, as used in for example Lotus Notes.
Feel free to send answers via email to yuhongbao_386 at hotmail dot com.
On RC4:
These exercises will use a 256-byte (2048-bit) RC4 variant, with "128-bit" RC4 being the same 16 bytes repeated.
Exercise 1: Implement 256 byte RC4. Start by testing with the same 16 bytes repeated.
Exercise 2: Read https://www.rc4nomore.com/ and implement the attack. Compare the results of a random 256 byte value with the same 16 byte value repeated.
Exercise 3: With RC4 with the same 16 bytes repeated, make a few bytes a fixed value like 0xFF and the other bytes random. See which bytes of the key stream are affected. Do the same with the full 256 bytes RC4 and compare.
Exercise 4: Make the last three bytes a counter like WEP, and see which bytes of the keystream are affected.
Now, on RC2:
Exercise 1: Implement RC2 in counter mode.
Exercise 2: Implement the attack in https://www.schneier.com/academic/paperfiles/paper-relatedkey.pdf against the keystream.
Exercise 3: According to https://www.schneier.com/academic/smime/download.html : "However, if you shift the whole table over a byte, and then change a couple of bytes, you now have the table for a different key"
See how this affect the mixing/mashing round of RC2. And read the paper https://www.cryptrec.go.jp/exreport/cryptrec-ex-1042-2001.pdf . Create a distinguisher for the keystream based on this information.
Excecise 4: Implement the Schneier attack with 64-bit keys instead of 40-bit keys using something like a GPU, as used in for example Lotus Notes.
Feel free to send answers via email to yuhongbao_386 at hotmail dot com.
Comments
Post a Comment