What uses RC4 encryption?

I have been reading about it and have read a lot of articles on this subject, but I cannot find any specific use cases.

You have an external server who wants to secure their internal applications with your authentication and encryption, what could that possibly be? If you are talking about encrypting traffic on the wire (ie SSL), then its obvious. This would apply in almost every case of securing traffic in transit.

This use case sounds very much like any other web application, or for that matter any client application. I'm struggling to think of what specific business case might call for such an application.

James McNellisOct 3 '09 at 17:25. 2

If I can't think of a business case, then my guess is, you're thinking of it wrong. Encrypting traffic is used to keep other people from snooping, but it's also used for authentication.

Travis JDec 7 '09 at 18:26. 3

There are no uses of RC4 out there, except perhaps as a "randomness" token in a PRNG to protect against timing attacks, or when you do not want to use AES (for example if you're talking about the browser's web cookies or for any other internal use case where they might not be encrypted). Jakub VranaOct 3 '09 at 18:44. 1

RC4 is a bit of a cipher shark. I am not an expert, but it has some weak properties which causes security experts to shudder. It was designed back when there were no serious threats to it's security. It's a really bad cipher for anything except when you don't care about speed.

James McNellisOct 3 '09 at 20:35. 4 Answers.
RC4 has been proposed for public key cryptographic operations like key exchange (see the PKZIP standard) and signatures (for the GNU implementation of the OpenPGP format). I believe this use case would have to be documented in some detail, since the security concerns may be less than they would for a symmetric mode cipher like AES.

RC4 is also (in theory) vulnerable to cache-based attack modes and timing attacks, but I'm not aware of anyone saying anything bad about that.

How long is a key in RC4 encryption?

I am trying to read the contents of a RC4-encrypted text file, but I have no idea how long it takes to decrypt.

Are there any suggestions on how to find out how long it takes? ? RC4 takes O(128) bytes, if your key is O(16) bytes. It's hard to be more specific than that, but you could try timing yourself with a timing program. Or you could use a brute force attack with a fast key search algorithm. For example, this one.

What is the RC4 algorithm an example of?

RC4 is a relatively simple symmetric key algorithm, one that is easy to.

break, but extremely flexible because of its simplicity. This means you can easily choose all the parameters to suit your needs. The basic idea of the RC4 cipher is very simple - to generate a random sequence, you keep. Repeating a small sub-sequence repeatedly. Let's look at an example of an encryption operation using a 128 bit key: input Each time you. Apply the procedure it takes 3 different steps, which are essentially repeated on every bit of the input. A quick check against a PC of my own reveals I was correct. I used Java.net's implementation of RC4 and ran an encryption algorithm using a 128 bit key, and then re-ran the process using the same key but a 32 bit key. It only took 0.0008 seconds to perform the 32 bit version, whereas the 64 bit version only took 0.

What is the difference between AES and RC4 encryption?

(I'm a total noob so be gentle)

In AES you have the key that is generated by the user that is never stored on the server. That way even if the server is breached it is useless to a hacker without the key.

RC4 is a symmetric encryption. It basically takes your data, makes a unique code for every block of your data based on a key, then takes your data and hashes it into the same unique code. So when the user sends the hash back to the server, the server knows that this is the right file and can just send the correct decryption code to the phone.

This is not really true. RC4 is a block cipher and not a stream cipher. Stream ciphers are designed such that they take a string of bytes (that is, a sequence of characters, eg, abcdefghijklmnop) and transform it into another string of bytes. A stream cipher does something like this. For example, the cipher is run through a key generator (usually a linear congruential generator or a table-based key generator) in a series of stages. The number of stages and the number of bits in each stage are specified by the cipher designers.

Each stage takes the next k bits of the plaintext message and the key stream generated in the previous stage and mixes them with the ciphertext in a complex way (usually using an exclusive OR operation, but that's the technical stuff) to produce a new ciphertext and key stream. When the cipher is run with a given key, the number of bits in the plaintext corresponds to the number of stages and the key generates the same key stream at each stage. The key stream generated is the ciphertext of the plaintext.

The whole process is repeated until the number of stages reaches the number of bits in the plaintext. When the process is repeated with the same key, the results are the same, and thus the stream cipher produces the same ciphertext with a given key for every possible sequence of plaintext.

The process of running the cipher twice with the same key to produce the same result as a single pass with the same key is called key recycling. The main point is that if an attacker gets access to a stream cipher, she can easily run the cipherstream against itself, just as the plaintext can be run against itself.