hi nettle folks--
the nettle docs say:
In Nettle, most key setup functions have no return value, but for ciphers with weak keys, the return value indicates whether or not the given key is weak.
[...]
A problem is that the key setup of ARCFOUR is quite weak, you should never use keys with structure, keys that are ordinary passwords, or sequences of keys like ``secret:1'', ``secret:2'', ...
[...]
void arcfour_set_key (struct arcfour_ctx *ctx, unsigned length, const uint8_t *key) Initialize the cipher. The same function is used for both encryption and decryption.
Put together, these three statements seem contradictory.
If arcfour has weak keys, shouldn't arcfour_set_key return an int indicating whether the key is considered weak (like the key setup functions for BLOWFISH, DES, and DES3 do)?
Is the problem that there is no clear way to determine if an arcfour key is weak?
--dkg