hi nettle folks--
the nettle docs say:
> In Nettle, most key setup functions have no return value, but
> for ciphers with weak keys, the return value indicates whether or not
> the given key is weak.
[...]
> A problem is that the key
> setup of ARCFOUR is quite weak, you should never use keys with
> structure, keys that are ordinary passwords, or sequences of keys like
> ``secret:1'', ``secret:2'', ...
[...]
> void arcfour_set_key (struct arcfour_ctx *ctx, unsigned length, const uint8_t *key)
> Initialize the cipher. The same function is used for both encryption and
> decryption.
Put together, these three statements seem contradictory.
If arcfour has weak keys, shouldn't arcfour_set_key return an int
indicating whether the key is considered weak (like the key setup
functions for BLOWFISH, DES, and DES3 do)?
Is the problem that there is no clear way to determine if an arcfour key
is weak?
--dkg
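
The ARCFOUR warning quoted above is about classes of structured keys rather than individual keys. As an added illustration (not part of the original message and not Nettle's code), this self-contained C program uses a textbook ARCFOUR key schedule to measure one published class, described by Andrew Roos in 1995: when key[0] + key[1] == 0 (mod 256), the first keystream byte equals key[2] + 3 far more often than chance. The function names, the seed, the 16-byte key length and the trial count are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Textbook ARCFOUR: key schedule, then one output step.
   Returns the first keystream byte. Not Nettle's implementation. */
static uint8_t arcfour_first_byte(const uint8_t *key, unsigned length)
{
    uint8_t S[256], t;
    unsigned i, j;
    for (i = 0; i < 256; i++)
        S[i] = (uint8_t)i;
    for (i = 0, j = 0; i < 256; i++) {
        j = (j + S[i] + key[i % length]) & 0xff;
        t = S[i]; S[i] = S[j]; S[j] = t;
    }
    i = 1;                      /* first output step: i = 1, j = S[1] */
    j = S[i];
    t = S[i]; S[i] = S[j]; S[j] = t;
    return S[(S[i] + S[j]) & 0xff];
}

/* Over `trials` constructed 16-byte keys from a fixed-seed xorshift32
   generator, count how often the first keystream byte equals
   key[2] + 3. With structured != 0, key[1] is forced so that
   key[0] + key[1] == 0 (mod 256). */
unsigned count_leaks(unsigned trials, int structured)
{
    uint32_t x = 0x2545F491u;   /* arbitrary fixed seed (assumption) */
    uint8_t key[16];
    unsigned n, k, hits = 0;
    for (n = 0; n < trials; n++) {
        for (k = 0; k < 16; k++) {
            x ^= x << 13; x ^= x >> 17; x ^= x << 5;
            key[k] = (uint8_t)(x >> 16);
        }
        if (structured)
            key[1] = (uint8_t)(0u - key[0]);
        if (arcfour_first_byte(key, 16) == (uint8_t)(key[2] + 3))
            hits++;
    }
    return hits;
}

int main(void)
{
    printf("structured keys: %u / 20000\n", count_leaks(20000, 1));
    printf("random keys:     %u / 20000\n", count_leaks(20000, 0));
    return 0;
}
```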