Inverse RC4
Apr. 3rd, 2009 02:44 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
foxgrrlGiven the keystream output from RC4 (ARC4), is there an inverse RC4 function which would give me either the key schedule or even the original key.
I have the plaintext, the cyphertext, the key stream, and the nonce which is mixed with an unknown key. I'm trying to recover that unknown key part.
Assume that the first N-bytes of the keystream were not discarded.
I have the plaintext, the cyphertext, the key stream, and the nonce which is mixed with an unknown key. I'm trying to recover that unknown key part.
Assume that the first N-bytes of the keystream were not discarded.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2009-04-05 02:26 am (UTC)The fact that the first N bytes are not dropped is only helpful if you have lots of keystreams using the same nonce (which was the case in WEP). See http://en.wikipedia.org/wiki/Fluhrer,_Mantin,_and_Shamir_attack
Are you trying to attack a specific protocol or implementation that uses RC4? You can always hope that it has been implemented or used incorrectly, although it's one of the easiest ciphers to implement. How is the nonce combined with the rest of the key, and what is the source of randomness for the key?