On Sun, Mar 12, 2006, Manuel Arguelles wrote:

> Hello list,
>
> I have been using RC4 to encrypt some files, everything is working ok, the
> problem is that I have been reading and it seems that the best way to add
> extra security to RC4 is to encrypt some data and throw it away before
> encrypting the real one, at least 12*256 bytes, so its internals can get
> enough scrambling. I'm using BIOs and I suppose that the RC4
> initialization takes place within this call:
>
> BIO_set_cipher(cipher, EVP_rc4(), key, NULL, 1);
>
> The problem is that after calling BIO_flush(cipher); I can't encrypt
> anything else without calling BIO_set_cipher before encrypting. Does
> BIO_flush uninitialize the cipher method? Is there any other way to
> accomplish what I'm trying to do here? I'm planning to call my encrypt
> function like 1 time each second or two, there may be a security problem
> if I need to initialize the RC4 each time right?
>
The best way to add security is not to use RC4.

If you have to use RC4 the main thing to be aware of is that you should *never* reuse the same key for encrypting different data.

Quite a few security issues have occurred due to people ignoring that...

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
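The key-reuse point from the reply, as an added example that is not part of the original thread and not OpenSSL's code: a textbook RC4 in plain C showing that re-initialising with the same key before every message repeats the keystream even after discarding 12*256 bytes, while one running stream does not. The key, the two messages and the `xor_leaks` helper are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define DROP (12 * 256) /* discard length mentioned in the question */
typedef struct { unsigned char s[256], i, j; } rc4_t;

/* Textbook RC4 key schedule (illustration only, not OpenSSL's code). */
static void rc4_init(rc4_t *c, const unsigned char *key, size_t klen) {
    unsigned char j = 0, t;
    for (int n = 0; n < 256; n++) c->s[n] = (unsigned char)n;
    for (int n = 0; n < 256; n++) {
        j = (unsigned char)(j + c->s[n] + key[n % klen]);
        t = c->s[n]; c->s[n] = c->s[j]; c->s[j] = t;
    }
    c->i = c->j = 0;
}

/* XOR len keystream bytes into out; in == NULL just discards them. */
static void rc4_crypt(rc4_t *c, const unsigned char *in, unsigned char *out, size_t len) {
    for (size_t n = 0; n < len; n++) {
        unsigned char t, k;
        c->i = (unsigned char)(c->i + 1);
        c->j = (unsigned char)(c->j + c->s[c->i]);
        t = c->s[c->i]; c->s[c->i] = c->s[c->j]; c->s[c->j] = t;
        k = c->s[(unsigned char)(c->s[c->i] + c->s[c->j])];
        if (in) out[n] = in[n] ^ k;
    }
}

/* Returns 1 if c1^c2 == p1^p2, i.e. both messages got the same keystream.
 * reinit=1: init+drop before each message; reinit=0: one running stream. */
int xor_leaks(int reinit) {
    static const unsigned char key[] = "constructed-demo-key"; /* constructed */
    static const unsigned char p1[16] = "reading 0001 ok", p2[16] = "reading 0002 hi";
    unsigned char c1[16], c2[16];
    rc4_t c;
    rc4_init(&c, key, sizeof key - 1);
    rc4_crypt(&c, NULL, NULL, DROP);
    rc4_crypt(&c, p1, c1, 16);
    if (reinit) { rc4_init(&c, key, sizeof key - 1); rc4_crypt(&c, NULL, NULL, DROP); }
    rc4_crypt(&c, p2, c2, 16);
    for (int n = 0; n < 16; n++)
        if ((c1[n] ^ c2[n]) != (p1[n] ^ p2[n])) return 0;
    return 1;
}

int main(void) {
    printf("same key re-initialised per message: leak=%d\n", xor_leaks(1));
    printf("one running stream:                  leak=%d\n", xor_leaks(0));
    return 0;
}
```

When the leak flag is 1, anyone holding both ciphertexts learns the XOR of the two plaintexts without the key, which is why a per-message re-initialisation needs a key that is never repeated.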