RC4

General
Designers: Ron Rivest (RSA Security)
First published: Leaked in 1994 (designed in 1987)

Cipher detail
Key sizes: 40–2048 bits
State size: 2064 bits (1684 effective)
Rounds: 1
Speed: 7 cycles per byte on original Pentium; Modified Alleged RC4 on Intel Core 2: 13.9 cycles per byte

In cryptography, RC4 (also known as ARC4 or ARCFOUR, meaning Alleged RC4, see below) is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used. Particularly problematic uses of RC4 have led to insecure protocols such as the obsolete WEP protocol historically used to secure WiFi networks.

There has long been speculation that some state cryptologic agencies may possess the capability to break RC4 when used in the TLS protocol. In response, the IETF published RFC 7465 to prohibit the use of RC4 in TLS; Mozilla and Microsoft have issued similar recommendations.

A number of attempts have been made to strengthen RC4, notably Spritz, RC4A, VMPC, and RC4+.