- Breaks are possible if gigabytes of known plaintext/known ciphertext stream are available but this is not a problem in practice.
- As with all stream ciphers, RC4 is easily broken if the same key is used twice. This problem is usually solved by hashing the key with a unique initialization vector (IV) each time it is used, and sending the IV along with the message.
- The Wired Equivalent Privacy implementation that uses RC4 encryption can be broken. In 2001 a new and surprising discovery was made: over all possible RC4 keys, the statistics for the first byte of output keystream are seriously non-random. This and related effects were then used to break the WEP encryption used with 802.11 wireless networks. WEP employed RC4 with many similar keys, opening it to attack. Current implementations often discard the first 256 bytes or more of the stream to avoid these problems. See Airsnort for more information.
SSL and RDP are not vulnerable to any of the above as they never use the same key twice.
It was developed in 1987 by Ronald Rivest and kept as a trade secret by RSA Data Security. On September 9, 1994, the ARC4 algorithm was anonymously posted on the Internet on the Cypherpunks anonymous remailers list. Because the output of both algorithm are the same, it was believed that ARC4 was a faithful clone of RSA’s proprietary RC4. Since then commonly RC4 refers to properly licenced implementation while ARC4 refers to the public domain version, e.g. the term ARC4 is used in OpenSSH.
RC4 uses a variable length key from 1 to 256 bytes to initialize a 256-byte state table. The state table is used for subsequent generation of pseudo-random bytes and then to generate a pseudo-random stream which is XORed with the plaintext to give the ciphertext. Each element in the state table is swapped at least once.
RC4 is initialised from a secret key. Then it generates a “keystream” which is simply XORd with the plaintext to produce the ciphertext. Decryption is exactly the same as encryption. One reason for its popularity is its simplicity. The algorithm can be memorized and quickly implemented from memory. It uses 256 bytes of memory, S through S, and it uses integer variables, i, j, and k. A message is encrypted or decrypted with this algorithm:
for i = 0 … 255
S[i] = i
for i = 0 … 255
j = (j + S[i] + key[i mod key-length]) mod 256
i = 0
j = 0
loop until the entire message is encrypted/decrypted
i = (i + 1) mod 256
j = (j + S[i]) mod 256
k = S[(S[i] + S[j]) mod 256]
output the XOR of k with the next byte of input
RC4 is one of the fastest ciphers to be widely used for serious work.
TakeDown.NET -> “RC4”