accessing arcfour sboxes

Simon Josefsson
Thu, 02 Oct 2003 16:15:54 +0200

Werner Koch <> writes:

> On Sat, 27 Sep 2003 22:38:36 +0200, Moritz Schulte said:
>> What do you think about this, Simon, Werner?
> I think that Simon's needs are very special and would clutter
> Libgcrypt with stuff rarely needed.  Especially with the very simple
> Arcfour algorithm, a separate implementation - outside of Libgcrypt -
> makes sense to me.

I don't disagree with this.

> Simon, can you give us some hints why you need it?

The Kerberos cipher algorithms are specified to take an IV and return
an IV (as well as the actual data to work on), and I have modeled my
API after this.  There is a non-standard but allegedly widely used
Kerberos ARCFOUR cipher and some applications appear to support it
(e.g., Kerberos 'rsh').  Since stream cipher doesn't really have an IV
we can't return it.  But there is still a need to "carry on" the same
state to the next encryption, which essentially is what IV is about
anyway.  So implementations appear to use SBOX + i + j in this
situation as the IV, which would work fine when the crypto API allows
me to extract it.

But copying the ARCFOUR code into my application would work, I guess.