Subject Re: [Firebird-Architect] RC4
Author Jim Starkey
It's getting a little annoying to hear you say we don't know
anything. The antidote to ignorance is to learn something.

No, the WEP guys didn't fail to do their homework. When they designed
the system, it wasn't understood that a) the first few bytes revealed a
tiny bit about the key and b) knowing the progression of generated keys
allowed this to be exploited.

WPA uses RC4, but doesn't have a predictable sequence of generated keys
and doesn't reuse a key, so it doesn't have the problem.

So, if you have something to say, say it. If you have a comment, a
question, an objection, or a suggestion, we're all ears. In specific,
if there is something about Firebird requirements or communication
mechanisms, ask. I don't think the requirements are at all settled, so
that's a good place to start, if you'd like to do something constructive.


On 11/13/2010 6:37 PM, Geoff Worboys wrote:
> Jim Starkey wrote:
> [...]
>> Attached are the RC4 transform, an abstract "cipher" transform
>> for polymorphic ciphers, and an update of the AES transform
>> with optional CBC (cipher block chaining) to make Geoff happy.
> If you think CBC will "make Geoff happy" then you obviously
> understood almost nothing of what I wrote ... but then that
> was pretty much what I expected.
>
> I have no problems with a good implementation of RC4 as a
> stream cipher, but I do not understand Firebird's requirements
> well enough to know whether the properties of some of the
> alternatives could be desirable. I suspect that WEP's problem
> was having a developer that didn't bother to learn about the
> best way to implement encryption before starting to use it,
> and that does sound rather familiar, doesn't it?
>


--
Jim Starkey
Founder, NimbusDB, Inc.
978 526-1376
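
The keying difference discussed in the message above, as an added Python example that is not part of the original thread and is not the RC4 transform attached to it. It contrasts WEP-style per-packet keys (public IV prepended to a fixed root key) with keys that are mixed per packet; `mixed_packet_key`, the SHA-256 mixing, the root key and the sample plaintexts are assumptions constructed for illustration, not WPA's actual key-mixing function.

```python
import hashlib

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Textbook RC4: key scheduling, then n bytes of keystream."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out, i, j = bytearray(), 0, 0
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, plaintext: bytes) -> bytes:
    return xor(plaintext, rc4_keystream(key, len(plaintext)))

def wep_packet_key(iv: bytes, root: bytes) -> bytes:
    """WEP-style: public 3-byte IV prepended to the long-lived root key."""
    return iv + root

def mixed_packet_key(counter: int, root: bytes) -> bytes:
    """Assumed stand-in for per-packet key mixing (SHA-256, not TKIP itself)."""
    return hashlib.sha256(root + counter.to_bytes(8, "big")).digest()[:16]

def plaintext_xor_exposed(k1: bytes, k2: bytes, p1: bytes, p2: bytes) -> bool:
    """True if ciphertext XOR equals plaintext XOR, i.e. the keystream repeated."""
    return xor(encrypt(k1, p1), encrypt(k2, p2)) == xor(p1, p2)

# Constructed sample data, not taken from the thread.
ROOT = bytes.fromhex("0102030405060708090a0b0c0d")
P1, P2 = b"SELECT * FROM T1", b"UPDATE T2 SET A1"

if __name__ == "__main__":
    a = wep_packet_key(b"\x00\x00\x01", ROOT)
    b = wep_packet_key(b"\x00\x00\x02", ROOT)
    # Successive WEP keys differ only in the 3 public IV bytes.
    print("WEP keys share root suffix:", a[3:] == b[3:] == ROOT)
    # A repeated IV repeats the whole key, so the keystream cancels out.
    print("same IV exposes P1^P2:", plaintext_xor_exposed(a, a, P1, P2))
    m1, m2 = mixed_packet_key(1, ROOT), mixed_packet_key(2, ROOT)
    print("mixed keys expose P1^P2:", plaintext_xor_exposed(m1, m2, P1, P2))
```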