Tech Insider					     Technology and Trends


			      USENET Archives

Newsgroups: sci.crypt,alt.security,comp.security.misc,alt.privacy
Path: bga.com!news.sprintlink.net!redstone.interpath.net!ddsw1!
news.kei.com!yeshua.marcam.com!charnel.ecst.csuchico.edu!csusac!
csus.edu!netcom.com!sterndark
From: ster...@netcom.com (David Sterndark)
Subject: RC4 Algorithm revealed.
Message-ID: <sternCvKL4B.Hyy@netcom.com>
Sender: ster...@netcom.com 
Organization: NETCOM On-line Communication Services (408 261-4700 guest)
X-Newsreader: TIN [version 1.2 PL1]
Date: Wed, 14 Sep 1994 06:35:31 GMT
Lines: 263
Xref: bga.com sci.crypt:9992 alt.security:
4425 comp.security.misc:5443 alt.privacy:8623

I am shocked,  shocked, I tell you,  shocked, to discover
that the cypherpunks have illegaly and criminally revealed
a crucial RSA trade secret and harmed the security of
America by reverse engineering the RC4 algorithm and
publishing it to the world.
 
On Saturday morning an anonymous cypherpunk wrote:
 
 
   SUBJECT:  RC4 Source Code
 
 
   I've tested this.  It is compatible with the RC4 object module
   that comes in the various RSA toolkits.  
 
   /* rc4.h */
   typedef struct rc4_key
   {      
        unsigned char state[256];       
        unsigned char x;        
        unsigned char y;
   } rc4_key;
   void prepare_key(unsigned char *key_data_ptr,int key_data_len,
   rc4_key *key);
   void rc4(unsigned char *buffer_ptr,int buffer_len,rc4_key * key);
   
   
   /*rc4.c */
   #include "rc4.h"
   static void swap_byte(unsigned char *a, unsigned char *b);
   void prepare_key(unsigned char *key_data_ptr, int key_data_len,
   rc4_key *key)
   {
        unsigned char swapByte;
        unsigned char index1;
        unsigned char index2;
        unsigned char* state;
        short counter;     
        
        state = &key->state[0];         
        for(counter = 0; counter < 256; counter++)              
        state[counter] = counter;               
        key->x = 0;     
        key->y = 0;     
        index1 = 0;     
        index2 = 0;             
        for(counter = 0; counter < 256; counter++)      
        {               
             index2 = (key_data_ptr[index1] + state[counter] +
                index2) % 256;                
             swap_byte(&state[counter], &state[index2]);            
   
             index1 = (index1 + 1) % key_data_len;  
        }       
    }
    
    void rc4(unsigned char *buffer_ptr, int buffer_len, rc4_key *key)
    { 
        unsigned char x;
        unsigned char y;
        unsigned char* state;
        unsigned char xorIndex;
        short counter;              
        
        x = key->x;     
        y = key->y;     
        
        state = &key->state[0];         
        for(counter = 0; counter < buffer_len; counter ++)      
        {               
             x = (x + 1) % 256;                      
             y = (state[x] + y) % 256;               
             swap_byte(&state[x], &state[y]);                        
                  
             xorIndex = (state[x] + state[y]) % 256;                 
                  
             buffer_ptr[counter] ^= state[xorIndex];         
         }               
         key->x = x;     
         key->y = y;
    }
    
    static void swap_byte(unsigned char *a, unsigned char *b)
    {
        unsigned char swapByte; 
        
        swapByte = *a; 
        *a = *b;      
        *b = swapByte;
    }
 
 
 
Another cypherpunk, this one not anonymous, tested the
output from this algorithm against the output from
official RC4 object code
 
 
   Date: Tue, 13 Sep 94 18:37:56 PDT
   From: e...@eit.COM (Eric Rescorla)
   Message-Id: <940914013...@eitech.eit.com>
   Subject: RC4 compatibility testing
   Cc: cyphe...@toad.com
   
   One data point:
   
   I can't say anything about the internals of RC4 versus the
   algorithm that Bill Sommerfeld is rightly calling 'Alleged RC4',
   since I don't know anything about RC4's internals. 
   
   However, I do have a (legitimately acquired) copy of BSAFE2 and
   so I'm able to compare the output of this algorithm to the output
   of genuine RC4 as found in BSAFE. I chose a set of test vectors
   and ran them through both algorithms. The algorithms appear to
   give identical results, at least with these key/plaintext pairs.
   
   I note that this is the algorithm _without_ Hal Finney's
   proposed modification
   
   (see <1994091306...@jobe.shell.portal.com>).
   
   The vectors I used (together with the ciphertext they produce)
   follow at the end of this message.
   
   -Ekr
   
   Disclaimer: This posting does not reflect the opinions of EIT.
   
   --------------------results follow--------------
   Test vector 0
   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
   Input: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
   0 Output: 0x75 0xb7 0x87 0x80 0x99 0xe0 0xc5 0x96 
   
   Test vector 1
   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
   0 Output: 0x74 0x94 0xc2 0xe7 0x10 0x4b 0x08 0x79 
   
   Test vector 2
   Key: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
   0 Output: 0xde 0x18 0x89 0x41 0xa3 0x37 0x5d 0x3a 
   
   Test vector 3
   Key: 0xef 0x01 0x23 0x45 
   Input: 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 0x00 
   0 Output: 0xd6 0xa1 0x41 0xa7 0xec 0x3c 0x38 0xdf 0xbd 0x61 
   
   Test vector 4
   Key: 0x01 0x23 0x45 0x67 0x89 0xab 0xcd 0xef 
   Input: 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 0x01 
   0x01 
   0 Output: 0x75 0x95 0xc3 0xe6 0x11 0x4a 0x09 0x78 0x0c 0x4a 0xd4 
   0x52 0x33 0x8e 0x1f 0xfd 0x9a 0x1b 0xe9 0x49 0x8f 
   0x81 0x3d 0x76 0x53 0x34 0x49 0xb6 0x77 0x8d 0xca 
   0xd8 0xc7 0x8a 0x8d 0x2b 0xa9 0xac 0x66 0x08 0x5d 
   0x0e 0x53 0xd5 0x9c 0x26 0xc2 0xd1 0xc4 0x90 0xc1 
   0xeb 0xbe 0x0c 0xe6 0x6d 0x1b 0x6b 0x1b 0x13 0xb6 
   0xb9 0x19 0xb8 0x47 0xc2 0x5a 0x91 0x44 0x7a 0x95 
   0xe7 0x5e 0x4e 0xf1 0x67 0x79 0xcd 0xe8 0xbf 0x0a 
   0x95 0x85 0x0e 0x32 0xaf 0x96 0x89 0x44 0x4f 0xd3 
   0x77 0x10 0x8f 0x98 0xfd 0xcb 0xd4 0xe7 0x26 0x56 
   0x75 0x00 0x99 0x0b 0xcc 0x7e 0x0c 0xa3 0xc4 0xaa 
   0xa3 0x04 0xa3 0x87 0xd2 0x0f 0x3b 0x8f 0xbb 0xcd 
   0x42 0xa1 0xbd 0x31 0x1d 0x7a 0x43 0x03 0xdd 0xa5 
   0xab 0x07 0x88 0x96 0xae 0x80 0xc1 0x8b 0x0a 0xf6 
   0x6d 0xff 0x31 0x96 0x16 0xeb 0x78 0x4e 0x49 0x5a 
   0xd2 0xce 0x90 0xd7 0xf7 0x72 0xa8 0x17 0x47 0xb6 
   0x5f 0x62 0x09 0x3b 0x1e 0x0d 0xb9 0xe5 0xba 0x53 
   0x2f 0xaf 0xec 0x47 0x50 0x83 0x23 0xe6 0x71 0x32 
   0x7d 0xf9 0x44 0x44 0x32 0xcb 0x73 0x67 0xce 0xc8 
   0x2f 0x5d 0x44 0xc0 0xd0 0x0b 0x67 0xd6 0x50 0xa0 
   0x75 0xcd 0x4b 0x70 0xde 0xdd 0x77 0xeb 0x9b 0x10 
   0x23 0x1b 0x6b 0x5b 0x74 0x13 0x47 0x39 0x6d 0x62 
   0x89 0x74 0x21 0xd4 0x3d 0xf9 0xb4 0x2e 0x44 0x6e 
   0x35 0x8e 0x9c 0x11 0xa9 0xb2 0x18 0x4e 0xcb 0xef 
   0x0c 0xd8 0xe7 0xa8 0x77 0xef 0x96 0x8f 0x13 0x90 
   0xec 0x9b 0x3d 0x35 0xa5 0x58 0x5c 0xb0 0x09 0x29 
   0x0e 0x2f 0xcd 0xe7 0xb5 0xec 0x66 0xd9 0x08 0x4b 
   0xe4 0x40 0x55 0xa6 0x19 0xd9 0xdd 0x7f 0xc3 0x16 
   0x6f 0x94 0x87 0xf7 0xcb 0x27 0x29 0x12 0x42 0x64 
   0x45 0x99 0x85 0x14 0xc1 0x5d 0x53 0xa1 0x8c 0x86 
   0x4c 0xe3 0xa2 0xb7 0x55 0x57 0x93 0x98 0x81 0x26 
   0x52 0x0e 0xac 0xf2 0xe3 0x06 0x6e 0x23 0x0c 0x91 
   0xbe 0xe4 0xdd 0x53 0x04 0xf5 0xfd 0x04 0x05 0xb3 
   0x5b 0xd9 0x9c 0x73 0x13 0x5d 0x3d 0x9b 0xc3 0x35 
   0xee 0x04 0x9e 0xf6 0x9b 0x38 0x67 0xbf 0x2d 0x7b 
   0xd1 0xea 0xa5 0x95 0xd8 0xbf 0xc0 0x06 0x6f 0xf8 
   0xd3 0x15 0x09 0xeb 0x0c 0x6c 0xaa 0x00 0x6c 0x80 
   0x7a 0x62 0x3e 0xf8 0x4c 0x3d 0x33 0xc1 0x95 0xd2 
   0x3e 0xe3 0x20 0xc4 0x0d 0xe0 0x55 0x81 0x57 0xc8 
   0x22 0xd4 0xb8 0xc5 0x69 0xd8 0x49 0xae 0xd5 0x9d 
   0x4e 0x0f 0xd7 0xf3 0x79 0x58 0x6b 0x4b 0x7f 0xf6 
   0x84 0xed 0x6a 0x18 0x9f 0x74 0x86 0xd4 0x9b 0x9c 
   0x4b 0xad 0x9b 0xa2 0x4b 0x96 0xab 0xf9 0x24 0x37 
   0x2c 0x8a 0x8f 0xff 0xb1 0x0d 0x55 0x35 0x49 0x00 
   0xa7 0x7a 0x3d 0xb5 0xf2 0x05 0xe1 0xb9 0x9f 0xcd 
   0x86 0x60 0x86 0x3a 0x15 0x9a 0xd4 0xab 0xe4 0x0f 
   0xa4 0x89 0x34 0x16 0x3d 0xdd 0xe5 0x42 0xa6 0x58 
   0x55 0x40 0xfd 0x68 0x3c 0xbf 0xd8 0xc0 0x0f 0x12 
   0x12 0x9a 0x28 0x4d 0xea 0xcc 0x4c 0xde 0xfe 0x58 
   0xbe 0x71 0x37 0x54 0x1c 0x04 0x71 0x26 0xc8 0xd4 
   0x9e 0x27 0x55 0xab 0x18 0x1a 0xb7 0xe9 0x40 0xb0 
   0xc0 
   


-- 
 ---------------------------------------------------------------------
We have the right to defend ourselves and our
property, because of the kind of animals that we              James A. Donald
are.  True law derives from this right, not from
the arbitrary power of the omnipotent state.                jam...@netcom.com

Newsgroups: sci.crypt,alt.security,comp.security.misc,alt.privacy
Path: bga.com!news.sprintlink.net!howland.reston.ans.net!pipex!uknet!info!iialan
From: iia...@iifeak.swan.ac.uk (Alan Cox)
Subject: Re: RC4 Algorithm revealed.
Message-ID: <CwC393.I45@info.swan.ac.uk>
Sender: ne...@info.swan.ac.uk
Nntp-Posting-Host: iifeak.swan.ac.uk
Organization: Institute For Industrial Information Technology
References: <sternCvKL4B.Hyy@netcom.com>
Date: Sun, 18 Sep 1994 16:31:51 GMT
Lines: 19
Xref: bga.com sci.crypt:10137 alt.security:
4495 comp.security.misc:5520 alt.privacy:8790

In article <sternCv...@netcom.com> ster...@netcom.com (David Sterndark) writes:
>a crucial RSA trade secret and harmed the security of
>America by reverse engineering the RC4 algorithm and
>publishing it to the world.

ROTFL. _IF_ RC4 is secure they have done no harm. If it isn't secure you'll
be sitting on one less timebomb.

Secondly: Deducing an algorithm can be done legally. Its only maths which is
a pure abstract set of thought systems _NOT_ some kind of industrial secret.

Now if the person in question stole RSA's source I hope he gets caught. If
its been done by analysis then I hope he gets an award.

Alan
-- 
  ..-----------,,----------------------------,,----------------------------,,
 // Alan Cox  //  iia...@www.linux.org.uk   //  GW4PTS@GB7SWN.#45.GBR.EU  //
 ``----------'`----------------------------'`----------------------------''

			        About USENET

USENET (Users’ Network) was a bulletin board shared among many computer
systems around the world. USENET was a logical network, sitting on top
of several physical networks, among them UUCP, BLICN, BERKNET, X.25, and
the ARPANET. Sites on USENET included many universities, private companies
and research organizations. See USENET Archives.

		       SCO Files Lawsuit Against IBM

March 7, 2003 - The SCO Group filed legal action against IBM in the State 
Court of Utah for trade secrets misappropriation, tortious interference, 
unfair competition and breach of contract. The complaint alleges that IBM 
made concentrated efforts to improperly destroy the economic value of 
UNIX, particularly UNIX on Intel, to benefit IBM's Linux services 
business. See SCO v IBM.

The materials and information included in this website may only be used
for purposes such as criticism, review, private study, scholarship, or
research.

Electronic mail:			       WorldWideWeb:
   tech-insider@outlook.com			  http://tech-insider.org/