Incryptography,RC4 (also known asARC4 orARCFOUR meaning Alleged RC4, see below) is one of the most common softwarestream ciphers. It is used in popular protocols likeSecure Sockets Layer (SSL) (to protect Internet traffic) andWEP (to secure wireless networks).
RC4 is known for being simple and quick, but attacks are likely to happen when the start of the outputkeystream is not removed, or one keystream is used twice; some ways of using RC4 can turn into very insecurecryptosystems such asWEP.
RC4 was created byRon Rivest ofRSA Security in 1987. While its official name is "Rivest Cipher 4", the RC abbreviation is also known to stand for "Ron's Code"[1] (see alsoRC2,RC5 andRC6).
RC4 was first created as atrade secret, but in September 1994 a description of it was posted to theCypherpunksmailing list.[2] It was soon posted on thesci.cryptnewsgroup, and from there to manywebsites on theInternet. The code was confirmed to be genuine(not fake) as its output matched that ofproprietary software using licensed RC4. Because thealgorithm is known, it is no longer atrade secret. The name "RC4" istrademarked, however. RC4 is often referred to as "ARCFOUR" or "ARC4" (meaningAllegedRC4, becauseRSA has never officially released the algorithm), to avoid possibletrademark problems. It has become part of some commonly usedencryption protocols and standards, includingWEP andWPA for wireless cards andTLS.
The two main reasons which helped its use over such a big range ofapplications are its speed and simplicity. Uses of RC4 in both software and hardware are extremely easy to develop.
The RC4encryption algorithm is started with a differentkey length, usually between 40 and 256 bits, using thekey-scheduling algorithm (KSA). Once this has been completed, the stream ofencrypted bits is created using thepseudo-random generation algorithm (PRGA).
RC4 fails the standards set bycryptographers for a securecipher in many ways, and is not recommended for use in new applications as there are a lot of methods of attacking RC4. Dropping the first kilobyte of data from the keystream can improve the security somewhat.
Where a cryptosystem is marked with "(optionally)", RC4 is one of several ciphers the system can be set to use.
RC4
RC4 in WEP