How to implement RC4?

What is the RC4 algorithm?

It's not an encryption algorithm per se (i.e. a hashing function), but it has some interesting properties for the creation of hash-tables.

The "RC4" acronym originally referred to the way in which four 16-bit keys (called RC4 cycles) were concatenated in parallel to generate a 32-bit pseudorandom key stream, and a stream cipher was constructed using this keystream as a "seed". If you are interested in the underlying mathematical principles, the link above contains additional explanations. For further details on its implementation within software, refer to the paper: "A high performance stream cipher, the RC4". (If you're just interested in a high-level overview of the scheme, there's an additional Wikipedia page.)

I've already created the following hash-tables with all types of keys, strings, and data: Using simple strings as keys does not offer any meaningful randomness, so I've implemented hash tables that use a key type that combines one character (ASCII character codes 0-127, depending on the number of bytes involved in the hash-table lookup) with a 4-byte number as a 24-bit key for each entry in the hash table (the ASCII-key-number is masked by the 4-byte number before being combined with the 32-bit hash value). There's no chance of someone reversing my hashes to find out any of my secrets, because the number of entries that can have identical hash values is extremely small.0E-9 = 4.0E-25 = 1/1.0E24/1.0E-9) entries is 1/2.0E-4/4.0E-24 (1/2.0E-4/2.0E24 = 1/2.0E-12).

How to implement RC4?

I would say that you should go with the AESNI implementation since it's the safest, most recommended and fastest one.

I think there is a problem with your understanding. To calculate an RC4 stream encryption, we do NOT need to get the IV value from a nonce value. You can simply use the data you are providing as the nonce. Thus, for decryption (same as encryption but decrypt instead), you only have to change the keystream. In addition, I might also add that you can use the same data for both RC4 encryption and decryption as long as it isn't used more than once (more than a single packet's worth of data). This way, you won't have to change the nonce at all because the IV/nonce is already determined by using the same data. Then, you can combine all of the packets, apply the cipher to them (i.e. XOR them together), and then XOR the result with the IV of the last packet. This would be the same as a non-randomized key, except that it could be used multiple times.

Why is RC4 no longer recommended for use?

I started to document the various reasons why support for RC4 in TLS is being removed from curl and OpenSSL. (Note that this has happened independently of your work!) RC4 is deprecated for security reasons, although it works fine for those who use no authentication (https without a certificate) and have some understanding of cryptology. But it is definitely not recommended for all applications, even when one's own private key is used. It has a history of producing broken cryptography, most seriously as recently as two years ago (the most common reason given for deprecation is broken "key expansion" attacks such as the Lucky Thirteen). Or use the TLS_RSA_WITH_AES_256_GCM_SHA384 ciphersuites. Using an incorrectly implemented "hash function" should be deprecated, since that will leak information anyway if the protocol does not allow for non-hashed messages. Although RFC3447 defines the RC4-HMAC combination as "secure", it is actually insecure when used outside of a single handshake context, which is exactly what it was intended for when it was introduced in 1996. The same section also contains a "strong recommendation" that is itself insecure. I have never been able to satisfactorily figure out why people keep using it, and thus avoid it when practical.
