無論如何，我們是否知道在 RC4 中避免自置換是否會使它變得更強大？

好的，所以很多關於 RC4 的問題都被問到了，但我想讓我的問題具體一點，希望可以回答。

RC4 設計，我相信讀過這篇文章的人都知道，它在 KSA 的第 1 階段使用自置換。

這個KSA好些了嗎？我們能輕易知道嗎？從安全的角度來看是否有證據，這實際上更糟，我們可以安全地假設它遭受了 RC4 KSA 遭受的大部分缺陷，並且如果我們不使用此程式碼：

for i from 0 to 255
   S[i] := i
endfor
j := 0
for i from 0 to 255
   j := (j + S[i] + key[i mod keylength]) mod 256
   swap values of S[i] and S[j]
endfor

但改為使用：

   s[0] = 181: s[1] = 172: s[2] = 179: s[3] = 178: s[4] = 177: s[5] = 168: s[6] = 175: s[7] = 174: s[8] = 173: s[9] = 164: s[10] = 171: s[11] = 170: s[12] = 169: s[13] = 160: s[14] = 167: s[15] = 166: s[16] = 197: s[17] = 188: s[18] = 195: s[19] = 194: s[20] = 193: s[21] = 184: s[22] = 191: s[23] = 190: s[24] = 189: s[25] = 180: s[26] = 187: s[27] = 186: s[28] = 185: s[29] = 176: s[30] = 183
   s[31] = 182: s[32] = 213: s[33] = 204: s[34] = 211: s[35] = 210: s[36] = 209: s[37] = 200: s[38] = 207: s[39] = 206: s[40] = 205: s[41] = 196: s[42] = 203: s[43] = 202: s[44] = 201: s[45] = 192: s[46] = 199: s[47] = 198: s[48] = 101: s[49] = 92: s[50] = 99: s[51] = 98: s[52] = 97: s[53] = 216: s[54] = 223: s[55] = 222: s[56] = 221: s[57] = 212: s[58] = 219: s[59] = 218: s[60] = 217
   s[61] = 208: s[62] = 215: s[63] = 214: s[64] = 117: s[65] = 108: s[66] = 115: s[67] = 114: s[68] = 113: s[69] = 104: s[70] = 111: s[71] = 110: s[72] = 109: s[73] = 100: s[74] = 107: s[75] = 106: s[76] = 105: s[77] = 96: s[78] = 103: s[79] = 102: s[80] = 133: s[81] = 124: s[82] = 131: s[83] = 130: s[84] = 129: s[85] = 120: s[86] = 127: s[87] = 126: s[88] = 125: s[89] = 116: s[90] = 123
   s[91] = 122: s[92] = 121: s[93] = 112: s[94] = 119: s[95] = 118: s[96] = 149: s[97] = 140: s[98] = 147: s[99] = 146: s[100] = 145: s[101] = 136: s[102] = 143: s[103] = 142: s[104] = 141: s[105] = 132: s[106] = 139: s[107] = 138: s[108] = 137: s[109] = 128: s[110] = 135: s[111] = 134: s[112] = 37: s[113] = 28: s[114] = 35: s[115] = 34: s[116] = 33: s[117] = 152: s[118] = 159: s[119] = 158: s[120] = 157
   s[121] = 148: s[122] = 155: s[123] = 154: s[124] = 153: s[125] = 144: s[126] = 151: s[127] = 150: s[128] = 53: s[129] = 44: s[130] = 51: s[131] = 50: s[132] = 49: s[133] = 40: s[134] = 47: s[135] = 46: s[136] = 45: s[137] = 36: s[138] = 43: s[139] = 42: s[140] = 41: s[141] = 32: s[142] = 39: s[143] = 38: s[144] = 69: s[145] = 60: s[146] = 67: s[147] = 66: s[148] = 65: s[149] = 56: s[150] = 63
   s[151] = 62: s[152] = 61: s[153] = 52: s[154] = 59: s[155] = 58: s[156] = 57: s[157] = 48: s[158] = 55: s[159] = 54: s[160] = 85: s[161] = 76: s[162] = 83: s[163] = 82: s[164] = 81: s[165] = 72: s[166] = 79: s[167] = 78: s[168] = 77: s[169] = 68: s[170] = 75: s[171] = 74: s[172] = 73: s[173] = 64: s[174] = 71: s[175] = 70: s[176] = 229: s[177] = 220: s[178] = 227: s[179] = 226: s[180] = 225
   s[181] = 88: s[182] = 95: s[183] = 94: s[184] = 93: s[185] = 84: s[186] = 91: s[187] = 90: s[188] = 89: s[189] = 80: s[190] = 87: s[191] = 86: s[192] = 245: s[193] = 236: s[194] = 243: s[195] = 242: s[196] = 241: s[197] = 232: s[198] = 239: s[199] = 238: s[200] = 237: s[201] = 228: s[202] = 235: s[203] = 234: s[204] = 233: s[205] = 224: s[206] = 231: s[207] = 230: s[208] = 5: s[209] = 252: s[210] = 3
   s[211] = 2: s[212] = 1: s[213] = 248: s[214] = 255: s[215] = 254: s[216] = 253: s[217] = 244: s[218] = 251: s[219] = 250: s[220] = 249: s[221] = 240: s[222] = 247: s[223] = 246: s[224] = 21: s[225] = 12: s[226] = 19: s[227] = 18: s[228] = 17: s[229] = 8: s[230] = 15: s[231] = 14: s[232] = 13: s[233] = 4: s[234] = 11: s[235] = 10: s[236] = 9: s[237] = 0: s[238] = 7: s[239] = 6: s[240] = 165
   s[241] = 156: s[242] = 163: s[243] = 162: s[244] = 161: s[245] = 24: s[246] = 31: s[247] = 30: s[248] = 29: s[249] = 20: s[250] = 27: s[251] = 26: s[252] = 25: s[253] = 16: s[254] = 23: s[255] = 22

j := 0
      for i from 0 to 255
       j := (j + S[i] + key[i mod keylength]) mod 256
       swap values of S[i] and S[j]
   endfor

我可以看到我們可能已經創造了新問題，並且可能修復了一些舊問題。有誰知道這個不太優雅的 KSA 有多有效？（至少在軟體中它同樣快，但它失去了它的所有優雅。這是最好的，“通過混亂獲得安全”還是它有真正的優勢？

想擴展我的評論作為答案。

RC4 中的 KSA 置換字節

$$ 0,1,…,255 $$用鑰匙，說 $ k_u $ . 對於這些字節的任何排列，都存在一個可以讓您獲得該排列的鍵。 您概述的想法基本上是從排列字節開始

$$ 0,1,…,255 $$根據一些固定的初始排列，然後根據密鑰排列字節。由於該初始排列可以用某個鍵來描述，因此將其稱為 $ k_{ip} $ ，你實際上擁有的是字節$$ 0,1,…,255 $$由 $ k_{ip};|;k_u $ （在哪裡 $ | $ 是串聯）。 所以你真正要問的是，在使用者傳入密鑰之前添加一些密鑰會使 RC4 更弱、更強還是沒有效果。我對 RC4 的攻擊不是很熟悉。看起來這種初始排列並沒有使 RC4 變得更弱。我懷疑它是否使它變得更強大，如果有的話。

引用自：https://crypto.stackexchange.com/questions/31770