RC4 Encryption Algorithm Definition
The RC4 encryption algorithm, also known as ARC4 or ARCFOUR, meaning Alleged RC4, was designed by Ron Rivest of RSA Security in 1987. RC4 is a symmetric stream cipher with a variable key size. It is used in popular Internet protocols like Secure Sockets Layer (SSL) to encrypt web traffic, and in WEP and WPA to secure wireless networks.
RC4 was initially a trade secret, but in September 1994 a description of it was anonymously posted to the Cypherpunks mailing list. It soon became widely used in online communication systems globally.
Key Takeaways
- RC4 is a symmetric key stream cipher designed by Ron Rivest in 1987. It uses variable key-size encryption keys from 40 bits to 2,048 bits.
- The RC4 algorithm is used in the WEP and WPA wireless security protocols and in the SSL/TLS protocol for securing Internet traffic.
- Though RC4 was initially secure, several vulnerabilities were found over the years, and it is now considered insecure.
- Attacks like FMS, Klein’s attack, and RC4 NOMORE can recover encryption keys and plaintext in RC4 ciphertexts.
- Due to inherent weaknesses, the IETF prohibits the use of RC4 in TLS and discourages it in SSH and Kerberos.
- Better and more secure ciphers like AES and ChaCha20 are now recommended over RC4 for encryption.
How Does the RC4 Encryption Algorithm Work?
The RC4 encryption algorithm uses a random permutation. It utilizes a variable-length key, typically between 8 bytes (64 bits) and 2048 bytes, to initialize a permutation in a pseudo-random manner. Encryption occurs by XORing the keystream with the plaintext. The keystream is completely independent of the plaintext.
Here are the steps in the RC4 encryption algorithm:
- Key Scheduling Algorithm (KSA): A key of length 8 to 2048 bits is used to initialize a permutation S of the values 0 to 255. The key length typically used is 128 bits.
- Pseudo-Random Generation Algorithm (PRGA): The permutation S generates a pseudo-random output keystream, which is XORed with plaintext to get ciphertext.
- Encryption: The output keystream is XORed with plaintext to encrypt it. The same keystream is XORed with the ciphertext to decrypt it.
Let’s look at how each step works in detail:
Key Scheduling Algorithm
The key scheduling algorithm takes the key and initializes the permutation table S of 256 bytes. The KSA works as follows:
- Initialize an array S of 256 entries with index values 0 to 255
- For each i from 0 to 255, set S[i] = i
- Initialize counters i = j = 0
- For i from 0 to 255 do:
  - j = (j + S[i] + key[i mod key_length]) mod 256
  - Swap the values of S[i] and S[j]
This scrambles the permutation S via key bytes in a pseudo-random fashion.
Pseudo-Random Generation Algorithm
The PRGA uses the permutation S to generate the keystream, which is XORed with plaintext to encrypt.
It works as follows:
- Initialize i = j = 0
- For each output byte:
  - i = (i + 1) mod 256
  - j = (j + S[i]) mod 256
  - Swap the values of S[i] and S[j]
  - Output K = S[(S[i] + S[j]) mod 256]
This keystream K is XORed with plaintext to produce the ciphertext.
Encryption and Decryption
Encryption occurs by simply XORing the keystream K with the plaintext P, one byte at a time:
Ciphertext = Plaintext ⊕ Keystream
C[i] = P[i] ⊕ K[i]
Decryption occurs by generating the same keystream using the same key and XORing it with the ciphertext to recover plaintext:
Plaintext = Ciphertext ⊕ Keystream
P[i] = C[i] ⊕ K[i]
As XOR is a symmetric operation, encryption and decryption use the same logical operations. Hence, RC4 is symmetric.
What Are the Advantages of the RC4 Algorithm?
RC4 became popular because of the following advantages:
- Speed: It is faster than DES and 3DES symmetric ciphers.
- Simplicity: RC4 only uses XOR for encryption/decryption, making it simple to implement.
- Variable key size: RC4 supports keys of 8 to 2048 bits in size, allowing flexibility.
- Stateless Cipher: Encryption at any point depends only on the keystream, not the prior state.
- Self-synchronizing: If bytes are dropped in transit, it will recover after a few bytes.
These properties made RC4 ideal for real-time streaming data encryption.
What Are the Uses of RC4 Encryption?
RC4 found usage in popular Internet encryption protocols and systems:
- Secure Sockets Layer (SSL): RC4 with 128-bit keys was used in SSL and TLS 1.0 for HTTPS web traffic encryption.
- WEP: RC4 with 40-bit keys was used in the Wired Equivalent Privacy (WEP) protocol for WiFi encryption.
- WPA: 128-bit RC4 was used in WiFi Protected Access (WPA) to secure wireless networks.
- Microsoft RDP: Remote Desktop Protocol uses RC4 for remote access encryption.
- BitTorrent: 128-bit RC4 is used to encrypt peer-to-peer BitTorrent traffic.
- Oracle Secure SQL: Network encryption in Oracle databases uses the RC4 algorithm.
- Skype: The Skype protocol uses RC4 for encrypting communication and digital rights management.
Is RC4 Encryption Secure?
Though RC4 was secure when designed, cryptanalysis over the years has discovered vulnerabilities in the RC4 encryption algorithm:
Weak Key Schedule
The pseudo-random keystream generator in RC4 has biases, making the output non-random and weakening encryption.
Related-key Attacks
As the keystream is solely based on keys, related keys can be attacked, and similar keys can leak information about each other.
Statistical Biases
Non-randomness in the PRGA output results in biased bytes. Certain bytes are more likely than others.
FMS Attack
The Fluhrer-Mantin-Shamir attack in 2001 used biases in the first bytes of the keystream to recover keys.
Klein’s Attack
Using biases in the 2nd byte, Klein’s attack in 2004 could recover the key and plaintext faster.
RC4 NOMORE
The RC4 NOMORE attack in 2013 could decrypt a cookie byte-by-byte by exploiting statistical weaknesses.
BEAST Attack
The Browser Exploit Against SSL/TLS (BEAST) attack in 2011 recovered RC4-encrypted SSL cookies in HTTPS traffic.
Due to weaknesses in the RC4 encryption algorithm, keys and plaintexts can be recovered from RC4 ciphertexts. Hence, RC4 is now considered insecure for general encryption use.
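The KSA, PRGA and XOR steps described earlier, together with a measurement of the keystream bias this section refers to, as an added example (not code from the original page). The key "Key" / plaintext "Plaintext" pair is a widely published RC4 test vector; the 16-byte key length, trial count and seed used by the hypothetical helper second_byte_zero_rate are assumptions chosen for the demonstration.

```python
# Added example: RC4 as described on this page, plus a measurement of the
# second-keystream-byte bias. For study only, not for protecting data.
import random

def ksa(key: bytes) -> list:
    """Key Scheduling Algorithm: key-dependent permutation of 0..255."""
    if not 1 <= len(key) <= 256:  # 8 to 2048 bits
        raise ValueError("RC4 key must be 1 to 256 bytes")
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) % 256
        S[i], S[j] = S[j], S[i]
    return S

def prga(S: list):
    """Pseudo-Random Generation Algorithm: yields keystream bytes forever."""
    i = j = 0
    while True:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        yield S[(S[i] + S[j]) % 256]

def rc4(key: bytes, data: bytes) -> bytes:
    """Encrypts or decrypts: the operation is the same XOR either way."""
    return bytes(b ^ k for b, k in zip(data, prga(ksa(key))))

def second_byte_zero_rate(trials: int, seed: int = 1) -> float:
    """Fraction of random 16-byte keys whose 2nd keystream byte is 0x00."""
    rng = random.Random(seed)  # fixed seed: constructed, repeatable sample
    hits = 0
    for _ in range(trials):
        key = rng.getrandbits(128).to_bytes(16, "big")  # constructed key
        ks = prga(ksa(key))
        next(ks)                 # discard the first keystream byte
        hits += next(ks) == 0    # count when the second byte is zero
    return hits / trials

if __name__ == "__main__":
    ct = rc4(b"Key", b"Plaintext")
    print(ct.hex())              # bbf316e8d940af0ad3
    print(rc4(b"Key", ct))       # b'Plaintext'
    rate = second_byte_zero_rate(20000)
    print(f"P[2nd byte = 0] = {rate:.5f}; uniform would be {1/256:.5f}")
```

The measured rate comes out near 2/256, roughly twice what a uniformly random byte would give, which is the kind of non-randomness the attacks above build on.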
How to Disable RC4 Encryption
Due to the insecure nature of the RC4 encryption algorithm, steps have been taken to prohibit and disable the use of RC4. The following ciphers are used in its place:
AES Encryption
Advanced Encryption Standard (AES) is a symmetric cipher supporting 128, 192, and 256-bit keys. It is secure and faster than RC4.
ChaCha20 Poly1305
ChaCha20 stream cipher combined with Poly1305 authenticator provides high-speed, secure encryption.
Salisbury
The Salisbury cipher uses a CSPRNG and SHA-256 to generate a cryptographically secure keystream.
HC-128
HC-128 is a symmetric stream cipher using 128-bit keys and a secure pseudorandom number generator.
Rabbit Cipher
The rabbit encryption algorithm generates a keystream using a PRNG and mixing function. It is fast and secure.
Salsa20 Cipher
Salsa20 stream cipher uses a pseudorandom function based on 32-bit arithmetic to encrypt data securely.
Final Thoughts
When designed in 1987, the RC4 stream cipher was revolutionary for its simplicity, speed, and variable key size. It became widely adopted in SSL/TLS, WEP/WPA, RDP, and other protocols to encrypt network traffic.
However, cryptographic weaknesses in the RC4 algorithm were discovered over time, which made it insecure. Attacks could recover keys and plaintext from RC4 ciphertexts.
Due to these inherent vulnerabilities, RC4 has been prohibited in TLS and discouraged in other protocols. Stronger ciphers like AES and ChaCha20 with Poly1305 authenticator are recommended instead of RC4 for secure encryption.
Though RC4 is still present in some legacy systems, it’s best to avoid using it in new implementations and disable/phase it out where possible. For secure encryption, standardized and well-analyzed ciphers like AES are recommended rather than the now insecure RC4 algorithm.
FAQs
Who created the RC4 encryption algorithm?
The RC4 algorithm was designed by Ron Rivest of RSA Security in 1987. Originally it was kept as a trade secret and referred to as ARC4. The RC acronym means “Rivest Cipher”.
How does RC4 encryption work?
RC4 uses a variable-length key to scramble a permutation S of bytes from 0 to 255 via the key scheduling algorithm (KSA). This is then used to generate a pseudo-random keystream, which is XORed with plaintext to encrypt it. The same keystream can decrypt it.
Why is RC4 not secure now?
Though RC4 was initially secure when designed, cryptanalysis over the years has discovered biases and statistical weaknesses in the RC4 keystream generation. Attacks like FMS and Klein’s attack utilize these weaknesses to break and recover RC4 encryption.
Is RC4 banned?
RC4 is not outright banned but prohibited by the IETF in TLS 1.1+ due to security reasons. Its use is also discouraged in protocols like SSH and Kerberos. Browsers disable RC4 cipher suites due to vulnerabilities.
Where is RC4 still used?
Some cases where RC4 may still be used are wireless encryption WEP and WPA, Microsoft RDP and older OS releases, AS/400 system networking, and legacy software/hardware. However, it’s recommended that it be disabled where possible.
What replaced RC4 encryption?
Modern secure symmetric ciphers like AES and ChaCha20 and authentication mechanisms like Poly1305 have replaced RC4 for encryption purposes. Salisbury, HC-128, and Rabbit stream ciphers are also recommended as stronger alternatives.
Priya Mervana
Verified Web Security Experts
Priya Mervana is working at SSLInsights.com as a web security expert with over 10 years of experience writing about encryption, SSL certificates, and online privacy. She aims to make complex security topics easily understandable for everyday internet users.