
Comments (5)

exaexa commented on September 15, 2024

OK, first why RC4:

  • it's dead simple, see the magically tiny arcfour.h
  • it's the best fit I have found for the purpose in Codecrypt
  • There has been no security issue with actual RC4 in any place where it was used properly, ever. If I'm wrong or if I'm not using it properly, please prove me wrong; feel free to ask me about implementation details. Also, please be sure to understand the nature of the major existing attacks "against RC4" before you try.
  • I don't have much spare time to implement other ciphers, even if I'd like to.

Why NOT RC4:

  • Bad reputation gained from software that uses it wrong. I understand that people like to step back when they see the "RC4" sticker atop something because of TLS- and WEP-caused fears etc.
  • It seems so simple that people don't understand why it's secure. But that's the case with many other symmetric ciphers.

Plans for other ciphers:

  • I'd use Serpent or Camellia. It shouldn't be very hard to generalize the concept of a cipher in Codecrypt in a similar fashion as hash_func is generalized and inject it into the Fujisaki-Okamoto code (and possibly make several versions of the algorithm that way).
  • Usage of other ciphers will get problematic in some places (it's not like with RC4, which you can bend to do anything reasonable), but I guess it can get sorted out given enough programming force.
  • If it goes well and I find a good implementation of Serpent/Camellia (the Crypto++ impl. seems good at first sight), I could have it working in 3-4 months (I really don't have enough time right now).

from codecrypt.

exaexa commented on September 15, 2024

Leaving this open for possible discussion/explanation about current RC4 usage.

from codecrypt.

exaexa commented on September 15, 2024

Awright, after some discussion and more research, RC4 is going to get replaced in all internal stuff in the next release. We now have XSYND and ChaCha20 implementations which more or less cover the properties of RC4; absolute RC4 avoidance will then depend on user choice -- I will certainly leave it there as an option.

The reason for doing this is the most recent attack on RC4, which gets reasonable results only from 2^24 pieces of keystream. While not practical yet, it may render RC4 insecure in some easily imaginable (although still uncommon/weird) situations.

Thanks for patience :]

from codecrypt.
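As background to the thread's remarks on statistical attacks that need many keystreams, here is an added example (not from the thread and not Codecrypt's code) that measures one well-known RC4 keystream bias, the second output byte being 0 about twice as often as uniform, and shows the count returning to the uniform level once initial keystream is discarded. The choice of this particular bias, the 16-byte keys, the xorshift key generator, and the 768-byte discard are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Textbook RC4 (illustrative; not taken from Codecrypt's arcfour.h). */
typedef struct { uint8_t S[256]; uint8_t i, j; } rc4_t;

static void rc4_init(rc4_t *c, const uint8_t *key, size_t len) {
    uint8_t j = 0;
    for (int k = 0; k < 256; k++) c->S[k] = (uint8_t)k;
    for (int k = 0; k < 256; k++) {            /* key scheduling */
        j = (uint8_t)(j + c->S[k] + key[k % len]);
        uint8_t t = c->S[k]; c->S[k] = c->S[j]; c->S[j] = t;
    }
    c->i = c->j = 0;
}

static uint8_t rc4_byte(rc4_t *c) {
    c->i = (uint8_t)(c->i + 1);
    c->j = (uint8_t)(c->j + c->S[c->i]);
    uint8_t t = c->S[c->i]; c->S[c->i] = c->S[c->j]; c->S[c->j] = t;
    return c->S[(uint8_t)(c->S[c->i] + c->S[c->j])];
}

/* xorshift32: deterministic source of constructed test keys, NOT a CSPRNG. */
static uint32_t xs32(uint32_t *s) {
    *s ^= *s << 13; *s ^= *s >> 17; *s ^= *s << 5;
    return *s;
}

/* Over nkeys constructed keys, count how often the second keystream byte
 * produced after discarding `drop` bytes is 0. Uniform output would give
 * about nkeys/256 hits; with drop == 0, RC4 gives about 2*nkeys/256. */
unsigned count_zero_second_byte(unsigned nkeys, unsigned drop) {
    uint32_t seed = 0x2545F491u;               /* constructed seed */
    unsigned hits = 0;
    for (unsigned n = 0; n < nkeys; n++) {
        uint8_t key[16];
        rc4_t c;
        for (int k = 0; k < 16; k++) key[k] = (uint8_t)(xs32(&seed) >> 24);
        rc4_init(&c, key, sizeof key);
        for (unsigned d = 0; d < drop; d++) (void)rc4_byte(&c);
        (void)rc4_byte(&c);                    /* first byte after the drop */
        if (rc4_byte(&c) == 0) hits++;         /* second byte after the drop */
    }
    return hits;
}

int main(void) {
    unsigned n = 131072;                       /* uniform expectation: 512 */
    printf("no discard:  %u hits\n", count_zero_second_byte(n, 0));
    printf("discard 768: %u hits\n", count_zero_second_byte(n, 768));
    return 0;
}
```
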

exaexa commented on September 15, 2024

PS. Serpent/Camellia are implemented in Crypto++ (already a soft dependency) so there's no problem with supporting those now as well.

from codecrypt.

commented on September 15, 2024

Thanks...

from codecrypt.
