Rivest Cipher 4 (RC4) | Infosec (2024)

Table of Contents
RC4 variants Working of RC4 Encryption Example Decryption Steps Example Advantages of RC4 Disadvantages of RC4 Attacks on RC4 RC4 applications Sources References
  • Resource Center
  • Cryptography
  • Rivest Cipher 4 (RC4)

Cryptography

RC4 stands for Rivest Cipher 4. RC4 is a stream cipher and was invented by Ron Rivest in 1987. Since RC4 is a stream cipher, it encrypts the stream of data byte by byte.

Of all the stream ciphers, RC4 is the widely used stream cipher due to its speed of operations and simplicity.

Rivest Cipher 4 (RC4) | Infosec (1)

Learn Applied Cryptography

Build your applied cryptography and cryptanalysis skills with 13 courses covering hashing, PKI, SSL/TLS, full disk encryption and more.

Start Learning

RC4 variants

RC4 has 4 variants to it. They are:

  • SPRITZ: Spritz is used to build:
    • a) Cryptographic hash function
    • b) Deterministic random bit generator (DRBG)
    • c) Encryption algorithm which supports Authenticated Encryption with Associated Data (AEAD)
  • RC4A:This is a stronger variant than RC4.
  • VMPC: It stands for Variably Modified Permutation Composition.RC4A+:RC4A+ as the name suggests is a modified version of RC4 with a more complex three-phase key schedule and takes 1.7 times as long as basic RC4.

Working of RC4

RC4 makes use of KSA and PRGA Algorithms. Explanation and working of these algorithms is out of scope. Let’s understand how encryption and decryption takes place in RC4.

Encryption

  1. User inputs plain text and a secret key.
  2. The encryption engine generates the keystream by using KSA and PRGA Algorithms for the secret key entered.
  3. The generated keystream is XORed with plain text. Since RC4 is a stream cipher, XORing is done byte by byte and encrypted text is produced.
  4. This encrypted text is now sent to the intended receiver in encrypted form.

Example

Plain Text: 10011001

Keystream: 11000011

--------------------------------

See Also
RC4 Algorithm: Understanding Stream Cipher Security - CodedInsightsWhat is RC4? - Unpacking the Security Encryption MethodologyRC4 Encryption Algorithm Stream Ciphers Defined | OktaAn In-Depth Look at the RC4 Algorithm | CodingDrills

Cipher Text: 01011010

Decryption

Steps

  1. For decryption, ciphertext and the same keystream is required which was used for encryption.
  2. The ciphertext and the keystream produce plain text using XOR Operation.
  3. The ciphertext is XOR’ed with keystream bit by bit to produce PlainText.

Example

Cipher Text: 01011010

Keystream: 11000011

----------------------

Plain Text: 10011001

Advantages of RC4

  1. RC4 is simple to use.
  2. Speed of operation is fast as compared to other cipher suites.
  3. RC4 cipher is easy to implement.
  4. RC4 does not consume more memory.
  5. For large streams of data, RC4 is the preferred choice.

Disadvantages of RC4

  1. If a strong MAC is not used, RC4 is vulnerable to a bit-flipping attack.
  2. RC4 does not support authentication.
  3. RC4 is not feasible to be implemented on small streams of data.

Attacks on RC4

RC4 is vulnerable to following attacks -

  1. Fluhrer, Mantin and Shamir attack
  2. Klein’s attack
  3. Combinatorial Problem
  4. Royal Holloway Attack
  5. Bar-mitzvah Attack
  6. NOMORE Attack

Rivest Cipher 4 (RC4) | Infosec (2)

Learn Applied Cryptography

Build your applied cryptography and cryptanalysis skills with 13 courses covering hashing, PKI, SSL/TLS, full disk encryption and more.

Start Learning

RC4 applications

RC4 application has been found in -

  • WPA
  • BitTorrent protocol encryption
  • WEP
  • Microsoft Office XP
  • Microsoft Point-to-Point Encryption
  • Transport Layer Security / Secure Sockets Layer
  • Secure Shell (optionally)
  • Remote Desktop Protocol
  • Kerberos
  • SASL Mechanism Digest-MD5
  • PDF
  • Skype

Sources

  1. https://www.geeksforgeeks.org/rc4-encryption-algorithm/
  2. https://paginas.fe.up.pt/~ei10109/ca/rc4.html
  3. https://tutorialspoint.dev/computer-science/computer-network-tutorials/computer-network-rc4-encryption-algorithm

Posted: January 11, 2021

Nitesh Malviya is a Security Consultant. He has prior experience in Web Appsec, Mobile Appsec and VAPT. At present he works on IoT, Radio and Cloud Security and open to explore various domains of CyberSecurity. He can be reached on his personal blog - https://nitmalviya03.wordpress.com/ and Linkedin - https://www.linkedin.com/in/nitmalviya03/.

Learn applied cryptography and cryptanalysis

What you'll learn:

  • Cryptography fundamentals
  • Public key infrastructure
  • Blockchain technology
  • SSL and TLS
  • And more

Get Started

In this Series

  • Rivest Cipher 4 (RC4)
  • How does hashing work: Examples and video walkthrough
  • How does encryption work? Examples and video walkthrough
  • Planning for post-quantum cryptography: Impact, challenges and next steps
  • Beginner’s guide to the basics of data encryption
  • Structures of cryptography
  • Role of digital signatures in asymmetric cryptography
  • What is hom*omorphic encryption?
  • Encryption and etcd: The key to securing Kubernetes
  • Quantum cyberattacks: Preparing your organization for the unknown
  • An Introduction to asymmetric vs symmetric cryptography
  • Breaking misused stream ciphers
  • Entropy calculations
  • Blockchain and asymmetric cryptography
  • Security of the PKI ecosystem
  • Elliptic curve cryptography
  • Methods for attacking full disk encryption
  • Introduction to Public Key Infrastructure (PKI)
  • Introduction to the TLS/SSL cryptography protocol
  • Introduction to Diffie-Hellman Key Exchange
  • Introduction to the Rivest-Shamir-Adleman (RSA) encryption algorithm
  • Introduction to full disk encryption
  • 8 reasons you may not want to use VPNs
  • Understanding stream ciphers in cryptography
  • Cryptography Errors
  • Understanding block ciphers in cryptography
  • How to mitigate Credential Management Vulnerabilities
  • How To Exploit Credential Management Vulnerabilities
  • Poor Credential Management
  • How Is Cryptography Used In Applications?
  • Decrypting Downloaded Files
  • Introduction to hash functions
  • Introduction to Asymmetric Cryptography
  • The Advanced Encryption Standard (AES)
  • Fundamentals of symmetric and asymmetric cryptography
  • Case Studies in Poor Password Management
  • The ultimate guide to encryption key management
  • Principles of cryptography
  • Encryption vs Encoding
  • Introduction to Cryptanalysis
  • Secure Credential Management
  • Introduction to Blockchain
  • Blockchain Technology
  • Virtual Private Networks (VPNs)
  • Hash Functions
  • Asymmetric Cryptography
  • Fundamentals of Cryptography
  • Symmetric Cryptography
  • Introduction to cryptography
  • Best tools to perform steganography [updated 2020]

Related Bootcamps

  • ISC2 CISSP® Training Boot Camp
  • Ethical Hacking Dual Certification Boot Camp (CEH and PenTest+)
  • OWASP Top 10 Training Boot Camp
  • CompTIA Security+ Training Boot Camp
  • Reverse Engineering Malware Training Boot Camp

Get certified and advance your career
  • Exam Pass Guarantee
  • Live instruction
  • CompTIA, ISACA, ISC2, Cisco, Microsoft and more!

View Certifications

Cryptography

How does hashing work: Examples and video walkthrough

Cryptography

How does encryption work? Examples and video walkthrough

Cryptography

Planning for post-quantum cryptography: Impact, challenges and next steps

Cryptography

Beginner’s guide to the basics of data encryption

Rivest Cipher 4 (RC4) | Infosec (2024)

References

Top Articles
Spanish Accents: How to Use & Type á, é, í, ó, ú, ü, ñ, ¡, ¿
Say goodbye to the Southern drawl, y’all! UGA research suggests South is losing its accent
Craigslist Cars Near Me
Bruce Springsteen improvise une chanson en direct
Indianapolis has violent Fourth of July night. Police use curfew to bust up groups downtown
Indianapolis – Wikitravel
Las Vegas NV Real Estate - Las Vegas NV Homes For Sale | Zillow
Helpful Tips For Getting Free Stuff In Las Vegas
Kaitlyn: What Happened to the WWE Star? Where is She Today?
How accessible is the beauty world to those with disabilities?
Lynchless Classic
Robert Towne, Oscar-winning writer of ‘Chinatown,’ dies at 89
Latest Posts
How to type Accented Spanish Letters on Keyboard (ñ á é í ó ú ü) - How to Type Anything
Keyboard shortcuts for international characters
Article information

Author: Allyn Kozey

Last Updated:

Views: 6581

Rating: 4.2 / 5 (43 voted)

Reviews: 82% of readers found this page helpful

Author information

Name: Allyn Kozey

Birthday: 1993-12-21

Address: Suite 454 40343 Larson Union, Port Melia, TX 16164

Phone: +2456904400762

Job: Investor Administrator

Hobby: Sketching, Puzzles, Pet, Mountaineering, Skydiving, Dowsing, Sports

Introduction: My name is Allyn Kozey, I am a outstanding, colorful, adventurous, encouraging, zealous, tender, helpful person who loves writing and wants to share my knowledge and understanding with you.