Highest Voted 'rc4' Questions - Cryptography Stack Exchange

52

votes

7 answers

Google is using RC4, but isn't RC4 considered unsafe?

Why is Google using RC4 for their HTTPS/SSL? $ openssl s_client -connect www.google.com:443 | grep "Cipher is" New, TLSv1/SSLv3, Cipher is RC4-SHA Isn't RC4 unsafe to use?

tls rc4

asked Sep 29 '11 at 05:30

Jonas Lejon

621
1
5
6

13

votes

3 answers

Is there a way to make RC4 (ARCFOUR) secure, or is it completely broken?

I need a method to authenticate a process with another in order to establish interprocess communication between them, to prevent malicious processes from trying to hook onto the system. Currently I just send a password in plaintext between the two…

encryption passwords authentication rc4

asked Aug 25 '12 at 12:39

Kevin Jin

241
2
6

13

votes

3 answers

What is the PRG period of stream ciphers such as RC4 or Salsa20?

I am confused about how long a stream cipher can be used before you should change the key. To be concrete, let me use the stream cipher based on RC4 as an example. Let's say I want to encrypt a very long message. I pick a key with 128 bits and start…

stream-cipher rc4 salsa20

asked Mar 25 '12 at 18:37

rlandster

317
2
8

11

votes

2 answers

Is RC4 a problem for password-based authentication?

This is a follow-up question to Does TLS use RC4-drop[n]?. As mentioned in section 6 of RFC4345, there are weak distinguishers for RC4 keystreams available that even work for keystreams that originate from different keys, and regardless of the…

tls rc4 distinguisher

asked Aug 04 '12 at 09:20

lxgr

1,798
1
13
22

9

votes

2 answers

Is RC4 secure with a single-use 32-byte random key prefix and 3072 prefix bytes discarded?

Are there any known attacks against RC4 if used with a single-use, random-generated 32-byte key, and 3072 random bytes prepended to the plaintext? Are there any reasons why we should consider such a use of RC4 less secure than an other…

rc4

asked May 24 '18 at 14:04

pts

223
1
8

9

votes

1 answer

Are there any long term RC4 bias based exploits?

The RC4 cipher possibly exhibits low level bias in it's long run PRNG keystream. I'm specifically excluding short term bias attacks which I'm defining as outputs < 1024 bytes. Are there any real world attacks that exploit this feature?

cryptanalysis reference-request attack rc4

asked Dec 02 '15 at 02:49

Paul Uszak

15,905
2
32
83

7

votes

0 answers

Does the bias in RC4 drop asymptotically further in the keystream?

It's well-known that the RC4 keystream has significant biases that become less prominent later in the keystream. The most severe bias is in the second byte, which has a 128-1 bias towards zero. Other biases remain, and it's typically recommended to…

stream-cipher rc4 distinguisher

asked Aug 03 '19 at 08:44

forest

15,626
2
49
103

7

votes

2 answers

How are constructs with data-dependent swaps and rotations cryptanalyzed?

Linear and differential cryptanalysis seem well suited for constructs with a (relatively) simple fixed structure of boolean expressions. But some ciphers incorporate swaps of array elements where the indices to be swapped are dependent on dynamic…

cryptanalysis rc4

asked Aug 25 '11 at 15:30

Marsh Ray

1,896
13
15

7

votes

1 answer

Does "double RC4" exhibit the same weaknesses as standard RC4?

I know that RC4 is weak. However, I don't know if two RC4 streams XORed with each other can be attacked in the same way that one can, especially if $n$ bytes are dropped. Assume keys and IVs are independent and random. (This is purely theoretical,…

rc4

asked Apr 12 '16 at 15:48

Demi

4,853
1
22
40

7

votes

1 answer

Does TLS use RC4-drop[n]?

According to many sources, the first few (n) bytes of the RC4 keystream are strongly biased, and therefore should be discarded before using the keystream to encrypt anything; this precaution is commonly called RC4-drop-n. There are variants of RC4…

tls rc4

asked Jul 31 '12 at 17:34

lxgr

1,798
1
13
22

7

votes

1 answer

Can somebody help me understand RC4 Spritz? (Three Questions)

So ever since I first took a stab at understanding stream Ciphers, not one stood out more than RC4, because it's so fantastically simple. As most people reading this will know, with its fantastic simplicity comes with easily done cryptanalysis and…

encryption cryptanalysis stream-cipher rc4

asked Jan 14 '16 at 13:55

Iam Nick

550
2
12

7

votes

1 answer

Does omitting the first two lines of RC4's pseudo-random generation algorithm weaken the cipher?

A particular educational software program published by a U.S. government agency uses a variant of RC4 to obfuscate its data files (see Stack Overflow question). The variant of RC4 in question is identical to standard RC4 except at the beginning of…

implementation rc4

asked May 30 '12 at 04:02

PleaseStand

173
3

7

votes

2 answers

Security analysis of Spritz?

Recently, a new cipher called Spritz has been released by Ronald L. Rivest and Jacob Schuldt. It should be a "drop-in replacement" for RC4. There are many differences to RC4, Spritz is "spongy" and also has a complete different way to handle the…

cryptanalysis stream-cipher rc4 sponge

asked Oct 09 '14 at 09:19

ralph

81
4

6

votes

2 answers

RC2, RC4, RC5 key length

While reading the Wiki page on RC4 I noticed that the key size must be in the range of 40–2,048 bits. So should I understand like this, that I can have a key that has length of, lets say 333 bits? (any decimal number between 40-2048?) How about…

key-size rc4 rc2 rc5

asked Aug 11 '13 at 20:32

nullpointer

61
1
3

6

votes

0 answers

What is the "brand X" cipher mentioned in the Usenet thread about RC4?

In the original Usenet thread about RC4 when it was finally reverse engineered, a user by the name of Michael Johnson mentioned that the RC4 algorithm looked surprisingly like another proprietary cipher which he had seen which he called "brand X",…

rc4 history

asked Jun 02 '19 at 00:33

forest

15,626
2
49
103

Questions tagged [rc4]