Practical attack on RC4 encryption

Posted: Wed Jun 27, 2012 11:30 am
by OHPen

These days I'm facing a crypto problem with RC4 encryption.

I know that there is a function which constructs the RC4 key, which is used to initialize the state. The key is 20 bytes large and constructed by a function which receives two parameters. One parameter is 20 bytes large and known to me, the other parameter is 32 bytes long and not known to me. The algorithm inside the key construction function is proprietary and also unknown. After the key construction "merges" the two parameters somehow, the final key is returned and can be used for enc/dec operations.

I own parts of the original plain text, let's say something like 4 - 16 bytes of a message which can be up to 256 bytes long. The bytes which are known are at the beginning of the message.

I'm anything but a crypto guru, so I have two questions for the gurus:

1. As I know parts of the seeds which are used to construct the key, is it (not only virtually ;) ) possible to bruteforce the original key by use of the supplied information within a reasonable amount of time?

2. If not, is there any other approach which may work to recover the original key from the supplied information?

I read a few papers regarding attacks on RC4, but I have to admit that most of them are quite loaded with lots of math. So if you have an explanation for me which is also intended for a non-math guru, it would be great!!!

Thanks in advance!


Posted: Thu Jun 28, 2012 6:20 am
by OHPen
Ok, so I found a solution to my problem. I was able to identify the nature of the first parameter, which was unknown to me. Knowing what type of information is supplied + some side information, I was able to reduce the key space, and a brute force attack can be executed within a reasonable amount of time.

So no more crypto analysis needed.

Nevertheless if we have some RC4 expert here, feel free to answer anyway, I really would appreciate it!
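
The setup discussed in this thread, as an added example that is not code from either post: a known plaintext prefix exposes the first keystream bytes, so the cost of a key search is set by the entropy of the secret input, not by the 20-byte key length. `derive_key` is a SHA-1 stand-in for the unknown proprietary function, and the 4-digit secret, the known input and the message are all constructed.

```python
import hashlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Standard RC4: key scheduling, then n bytes of keystream."""
    S, j = list(range(256)), 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def rc4(key: bytes, data: bytes) -> bytes:
    return bytes(d ^ k for d, k in zip(data, rc4_keystream(key, len(data))))

def derive_key(known: bytes, secret: bytes) -> bytes:
    # Assumption: SHA-1 stands in for the unknown proprietary merge (20-byte output).
    return hashlib.sha1(known + secret).digest()

def candidates():
    # Constructed low-entropy secret: a 4-digit string zero-padded to 32 bytes.
    for n in range(10_000):
        yield f"{n:04d}".encode().ljust(32, b"\x00")

def matching_secrets(known: bytes, ciphertext: bytes, prefix: bytes) -> list:
    # Known plaintext XOR ciphertext exposes the first keystream bytes.
    target = bytes(c ^ p for c, p in zip(ciphertext, prefix))
    return [s for s in candidates()
            if rc4_keystream(derive_key(known, s), len(target)) == target]

def demo():
    known = bytes(range(20))                 # constructed 20-byte known input
    secret = b"4821".ljust(32, b"\x00")      # constructed 32-byte "unknown" input
    message = b"MSGHDR01" + b"constructed body that the observer never sees"
    ciphertext = rc4(derive_key(known, secret), message)
    hits = matching_secrets(known, ciphertext, message[:8])
    return secret, hits

if __name__ == "__main__":
    secret, hits = demo()
    print(len(hits), hits == [secret])
```

In this constructed case the 32-byte field carries only about 13 bits of entropy, which is why the search finishes in seconds; a key-derivation input needs its full length to be unpredictable for the key size to mean anything.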