RC4 is known to leak information about the first few bytes of the ciphertext due to keystream biases.
However, are there known attacks on RC4-drop[N] where N is large enough, that leak information about the plaintext?
Edit: I am NOT planning on using this in actual software (I would use ChaCha20, Salsa20, or XSalsa20 instead, which are far more secure and just as fast), but rather interested as a matter of curiosity.
