kb:arcfouralgorithm [be serious]

이 문서는 읽기 전용입니다. 원본을 볼 수는 있지만 바꿀 수는 없습니다. 문제가 있다고 생각하면 관리자에게 문의하세요.
====== Arcfour Algorithm ======
see [[http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt | A Stream Cipher Encryption Algorithm "Arcfour"]] by K.Kaukonen, R.Thayer


====== 소스 ======
==== Algorithm ====
<code cpp>
////////////////////////////////////////////////////////////////////////////////
/// \class cArcfourStream
/// \brief "Arcfour"라는 Stream Cipher 알고리즘 구현.
///
/// K.Kaukonen, R.Thayer 의 RFC 문서에 있는 소스를 대충 래핑했다. 
/// 자세한 내용은 아래의 링크를 참고하기 바란다.
///
/// http://www.mozilla.org/projects/security/pki/nss/draft-kaukonen-cipher-arcfour-03.txt
////////////////////////////////////////////////////////////////////////////////

class cArcfourStream
{
private:
    UINT32  m_X;
    UINT32  m_Y;
    UINT8   m_Sbox[256];


public:
    cArcfourStream(const UINT8 *key, UINT32 key_len)
    : m_X(0), m_Y(0)
    {
        for (UINT32 counter = 0; counter < 256; counter++) 
            m_Sbox[counter] = static_cast<UINT8>(counter); 
    
        UINT32 keyindex = 0; 
        UINT32 stateindex = 0; 
    
        for (UINT32 counter = 0; counter < 256; counter++) 
        { 
            UINT32 t = m_Sbox[counter]; 
            stateindex = (stateindex + key[keyindex] + t) & 0xFF; 
            UINT32 u = m_Sbox[stateindex]; 
    
            m_Sbox[stateindex] = static_cast<UINT8>(t); 
            m_Sbox[counter] = static_cast<UINT8>(u); 
    
            if (++keyindex >= key_len) keyindex = 0; 
        } 
    }

    virtual ~cArcfourStream() {}


public:
    void XOR(UINT8* buf, UINT32 len)
    {
        for (UINT32 i = 0; i < len; i++)
            buf[i] = buf[i] ^ GetByte();
    }

    template <typename T>
    void XOR(T* buf) 
    {
        XOR(reinterpret_cast<UINT8*>(buf), sizeof(T));
    }


private:
    UINT8 GetByte()
    {
        UINT32 x  = (m_X + 1) & 0xFF; 
        UINT32 sx = m_Sbox[x]; 
        UINT32 y  = (sx + m_Y) & 0xFF; 
        UINT32 sy = m_Sbox[y]; 
    
        m_X = x; 
        m_Y = y; 
        m_Sbox[y] = static_cast<UINT8>(sx); 
        m_Sbox[x] = static_cast<UINT8>(sy); 
    
        return m_Sbox[(sx + sy) & 0xFF]; 
    }
};
</code>

==== Sample Usage ====
<code cpp>
UINT8 mykey[] = { 
    0x29, 0x04, 0x19, 0x72, 0xFB, 0x42, 0xBA, 0x5F,  
    0xC7, 0x12, 0x77, 0x12, 0xF1, 0x38, 0x29, 0xC9 
}; 

cArcfourStream encryption(mykey, sizeof(mykey));
cArcfourStream decryption(mykey, sizeof(mykey));

UINT8 original[] = "Write Great Code, Volume 2 (2/E) "; 
UINT8 test[]     = "Write Great Code, Volume 2 (2/E) "; 

encryption.XOR(test, 33);
decryption.XOR(test, 33);

for (int i=0; i<33; ++i)
{
    if (test[i] != original[i])
    {
        Assert(false);
    }
}

int a = 9999;
int b = 9999;

encryption.XOR(&a);
decryption.XOR(&a);

if (a != b)
{
    Assert(false);
}
</code>


====== Security Considerations ======
원본 드래프트 문서에서 발췌...

This algorithm can be operated with several different key sizes.  If the key is 128 bits in length then this algorithm is believed to be secure.  If the key length is significantly shorter, specifically 40 bits, then there are known attacts that have been successfully applied.  For this algorithm to be operated in a cryptographically sound manner it is believed that a key length of 128 bits or more should be used.

On the other hand, the 40-bit version of this algorithm is specifically regulated by the U.S. Government.  This means that deployment of 40-bit implementations may be easier to export than alternative algorithms.

It must be strongly recommended that no two plaintexts are encrypted with the same key. Otherwise the plaintext can usually be broken, and often even quite easily. If the two encrypted messages are XORed together, the result is the XOR of the original plaintexts. Given the encrypted messages are text strings, credit card numbers, or other byte streams with some known properties, the plaintexts can be estimated with great accuracy. See the ''DAWSON AND NIELSEN'' for more details.

Initial cryptanalysis results are favorable, but the current literature should be consulted to assess the security of this cipher. A good starting point for a citation search would be ''GOLIC''.  For Internet news group posting, start with ''FINNEY'', ''JENKINS'' and ''ROOS''.

  * **References**
    * **DAWSON AND NIELSEN** \\ Dawson E. and Nielsen L. \\ Automated Cryptoanalysis of XOR Plaintext Strings, Cryptologia, April 1996, Volume XX, Number 2.
    * **FINNEY** \\ Finney, H. \\ Internet message posted to sci.crypt 21 September, 1994.
    * **GOLIC** \\ Golic, J. \\ "Linear Statistical Weakness of Alleged RC4 Keystream Generator." \\ In, W. Fumy (ed.), Proceedings of Eurocrypt
    * **JENKINS** \\ Jenkins, B. Internet message posted to sci.crypt 22 September, 1994.
    * **ROOS** \\ Roos, A. Internet message posted to sci.crypt 28 September, 1995.
----
  * see also [[StreamCipher]]
사용자 도구

사이트 도구

문서 도구
