|
RC4From CryptoDox, The Online Encyclopedia on Cryptography and Information Security(Redirected from RC4 (cipher))
RC4 is a stream cipher designed by Ronald Rivest for RSA Security in 1987. It stands for "Rivest Cipher 4". RC4 is also called ARCFOUR or ARC4 (meaning Alleged RC4, because RSA has never officially released the algorithm), to avoid using the term "RC4" (a trademark of RSA Security). It is a variable key-size stream cipher with byte-oriented operations. The algorithm is based on the use of a random permutation. RC4 is a very popular algorithm. It is currently used to secure many wireless protocols. It is used in WEP and WPA and CipherSaber [1], as well as SSL.
HistoryRC4 is not patented, but it is a trade secret of RSA Security. An alleged copy of the RC4 source code [2] was published anonymously in 1994. This code behaves identically to the official RC4. CryptanalysisThe WEP and WEP2 protocols are considered "broken" by RSA Security. As long as the initial key-scheduling setup is sufficiently random, RSA Security considers other protocols based on RC4 (such as SSL) to be secure. RSA recommends that new applications based on RC4 both
Either or both of these techniques avoid the weaknesses that broke WEP and WEP2. RSA security also suggests considering the AES or RC6 for new applications. On the other hand, in 2005 Phil Zimmermann said that the way Microsoft Word and Excel documents used RC4 was "flawed". "Stream ciphers have to be used most carefully. Any failure to do this will result in a disastrous loss of security," Zimmermann said. "Even with a properly chosen initialisation vector, you have to run RC4 for a while before the quality of the stream cipher is good enough to use." ... "They should just stop using RC4. It would be better to switch to a block cipher."
See AlsoBooks of Interest
External Links
|