Score:0

RC4-40 with IV (32-bit) setup


I have taken this implementation of RC4 written in C.

I have a 40-bit key and a 32-bit IV (both in hex).

So, the question is about the KSA step:

  1. How should I transform hex key value into the char array? Just convert it to long?

  2. Where should I introduce IV? (Some write to concat it with the key, others write that S is already IV)

  3. If S is already IV, how should I transform my 32-bit IV into 40-bit array? In the following way?

    for (int i = 0; i < 32; i++) S[i] = (iv >> (32 - 1 - i)) & 1;

I have done some investigation before asking here but cannot find answers.

fgrieu
As told in the [answer](https://crypto.stackexchange.com/a/99456/555), 40 bit is too short a key, and can't be safe. And concatenating even a wider key and IV is unsafe. Thus it's unclear how the question's "should" is to be understood. Is it reproducing some existing system? In which case it should be researched what this system is and what it does. Concatenating key and IV (and perhaps padding with zeroes to 256 bytes) would be one of the simplest. But again, this is not safe. If a safe system based on RC4 is wanted, [key stretching](https://en.wikipedia.org/wiki/Key_stretching) would help.
Score:3

RC4 does not take an IV. This is relatively uncommon in stream ciphers, but it is the case in RC4.

It seems tempting to just concatenate the key with the IV, and this is the approach taken in WEP. This approach is also completely insecure, because RC4 is vulnerable to related key attacks. Combined with the fact that the RC4 keystream has significant biases even when used with a completely random key, this is usually sufficient to recover plaintext. Doing this for WEP can be done with automated tools relatively quickly even for a 104-bit key.

You should not use RC4 for any purpose these days, and definitely not with a 40-bit key. If you need a secure stream cipher with IV, I'd recommend ChaCha20 with a 256-bit key. It is both more secure and faster than RC4.

If you plan to use a random IV, then I'd recommend the XChaCha20 variant, which allows a random 192-bit nonce. The nonce for regular ChaCha20 is too short to use random nonces due to the risk of a collision, but it's fine if you are going to use a counter-based nonce approach.

If you are using this in the real world, you'll want integrity protection as well, which is usually provided by Poly1305 in conjunction with ChaCha, but you could use HMAC encrypt-then-MAC as well.
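For reproducing a legacy system only, the WEP-style construction discussed above looks like this in C. This is an added example, not code from the question or the answers: it converts the hex strings two digits per byte and feeds IV || key (WEP puts the IV first) to the unchanged RC4 KSA. The function names and the sample IV and key are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hex string -> bytes, two hex digits per byte. Returns length, or -1. */
static int hex_to_bytes(const char *hex, uint8_t *out, size_t cap) {
    size_t n = strlen(hex);
    if (n == 0 || n % 2 || n / 2 > cap || strspn(hex, "0123456789abcdefABCDEF") != n)
        return -1;
    for (size_t i = 0; i < n; i += 2) {
        unsigned v;
        sscanf(hex + i, "%2x", &v);
        out[i / 2] = (uint8_t)v;
    }
    return (int)(n / 2);
}

/* Textbook RC4: KSA over `seed`, then n bytes of PRGA output. */
static void rc4(const uint8_t *seed, size_t len, uint8_t *out, size_t n) {
    uint8_t S[256], i = 0, j = 0, t;
    for (int k = 0; k < 256; k++) S[k] = (uint8_t)k;   /* S starts as identity */
    for (int k = 0; k < 256; k++) {
        j = (uint8_t)(j + S[k] + seed[k % len]);
        t = S[k]; S[k] = S[j]; S[j] = t;
    }
    j = 0;
    for (size_t k = 0; k < n; k++) {
        i++; j = (uint8_t)(j + S[i]);
        t = S[i]; S[i] = S[j]; S[j] = t;
        out[k] = S[(uint8_t)(S[i] + S[j])];
    }
}

/* WEP-style seeding: KSA input is IV || key. Returns 0, or -1 on bad hex. */
int rc4_iv_keystream(const char *iv_hex, const char *key_hex, uint8_t *out, size_t n) {
    uint8_t seed[32];
    int ivlen = hex_to_bytes(iv_hex, seed, sizeof seed - 1);
    int klen = ivlen < 0 ? -1 : hex_to_bytes(key_hex, seed + ivlen, sizeof seed - (size_t)ivlen);
    if (klen < 0) return -1;
    rc4(seed, (size_t)(ivlen + klen), out, n);
    return 0;
}

int main(void) {
    uint8_t ks[8]; /* constructed sample values: 32-bit IV, 40-bit key */
    if (rc4_iv_keystream("00000001", "0102030405", ks, sizeof ks)) return 1;
    for (size_t i = 0; i < sizeof ks; i++) printf("%02x", ks[i]);
    return puts("") == EOF;
}
```

Because the IV is simply part of the KSA input, a repeated IV under the same key repeats the whole keystream, and the split between IV and key bytes is invisible to the cipher.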
