Lab Notes

Musings on Wi-Fi security issues, our product plans, and the general state of the world. Follow up with your comments and complaints to Lab Notes's .

Crypto Expert: Microsoft Flaw Is Serious

Microsoft recently got busted for its flawed use of RC4 in Office documents. They are encrypting different data with the same key and initialization vectors, which is a big no-no, particularly when using a stream cipher like RC4. The vulnerability is very similar to the one that brought down WEP — an RC4-based system that suffers from initialization vector issues. It is, shall we say, "unusual" to use a stream cipher as a file encryption algorithm, but not necessarily a problem if done correctly. What is most galling about this flaw is that, as Bruce Schneier points out, Microsoft had the exact same flaw in a different component five years ago. History repeats itself.

My main issue with the article itself is the subheading: "Microsoft should sort flaw and abandon RC4 in favour of better ciphers, says PGP creator." RC4 is not a bad algorithm per se; you have to be careful about how you use it (which is true for any crypto algorithm). WEP uses RC4 in a flawed manner, but WEP's current replacement, TKIP, also uses RC4, and has (as yet) proven to be strong.
By Periodik Labs on January 28, 2005 10:58 AM