In cryptography, RC4 (also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is one of the most common software stream ciphers. It is used in popular protocols like Secure Sockets Layer (SSL) (to protect Internet traffic) and WEP (to secure wireless networks).

RC4 is known for being simple and quick, but attacks are likely to happen when the start of the output keystream is not removed, or one keystream is used twice; some ways of using RC4 can turn into very insecure cryptosystems such as WEP.

RC4 was created by Ron Rivest of RSA Security in 1987. While its official name is "Rivest Cipher 4", the RC abbreviation is also known to stand for "Ron's Code"[1] (see also RC2, RC5 and RC6).

RC4 was first created as a trade secret, but in September 1994 a description of it was posted to the Cypherpunks mailing list.[2] It was soon posted on the sci.crypt newsgroup, and from there to many websites on the Internet. The code was confirmed to be genuine(not fake) as its output matched that of proprietary software using licensed RC4. Because the algorithm is known, it is no longer a trade secret. The name "RC4" is trademarked, however. RC4 is often referred to as "ARCFOUR" or "ARC4" (meaning Alleged RC4, because RSA has never officially released the algorithm), to avoid possible trademark problems. It has become part of some commonly used encryption protocols and standards, including WEP and WPA for wireless cards and TLS.

The two main reasons which helped its use over such a big range of applications are its speed and simplicity. Uses of RC4 in both software and hardware are extremely easy to develop.

The RC4 encryption algorithm is started with a different key length, usually between 40 and 256 bits, using the key-scheduling algorithm (KSA). Once this has been completed, the stream of encrypted bits is created using the pseudo-random generation algorithm (PRGA).

RC4 fails the standards set by cryptographers for a secure cipher in many ways, and is not recommended for use in new applications as there are a lot of methods of attacking RC4. Dropping the first kilobyte of data from the keystream can improve the security somewhat.

RC4-based cryptosystems

change

Where a cryptosystem is marked with "(optionally)", RC4 is one of several ciphers the system can be set to use.

change

References

change
  1. Rivest FAQ
  2. Cypherpunks mailinglist (1994-09-09). "Thank you Bob Anderson". Retrieved 2007-05-28.

Other websites

change

RC4

RC4 in WEP