In cryptography, RC4 (Rivest Cipher 4 also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is the most widely used software stream cipher and is used in popular Internet protocols such as Transport Layer Security (TLS). While remarkable for its simplicity and speed in software, RC4 has weaknesses that argue against its use in new systems. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used; some ways of using RC4 can lead to very insecure protocols such as WEP. As of 2015, there is speculation that some state cryptologic agencies may possess the capability to break RC4 even when used in the TLS protocol. Mozilla and Microsoft recommend disabling RC4 where possible. RFC 7465 prohibits the use of RC4 in TLS. In 2014, Ronald Rivest gave a talk and published a paper on an updated redesign called Spritz.

Rbcafe » RC4



RC4_set_key, RC4 – RC4 encryption


#include (openssl/rc4.h)

void RC4_set_key(RC4_KEY *key, int len, const unsigned char *data);

void RC4(RC4_KEY *key, unsigned long len, const unsigned char *indata,
unsigned char *outdata);


This library implements the Alleged RC4 cipher, which is described for
example in Applied Cryptography. It is believed to be compatible with
RC4[TM], a proprietary cipher of RSA Security Inc.

RC4 is a stream cipher with variable key length. Typically, 128 bit
(16 byte) keys are used for strong encryption, but shorter insecure key
sizes have been widely used due to export restrictions.

RC4 consists of a key setup phase and the actual encryption or decryp-
tion phase.

RC4_set_key() sets up the RC4_KEY key using the len bytes long key at

RC4() encrypts or decrypts the len bytes of data at indata using key
and places the result at outdata. Repeated RC4() calls with the same
key yield a continuous key stream.

Since RC4 is a stream cipher (the input is XORed with a pseudo-random
key stream to produce the output), decryption uses the same function
calls as encryption.

Applications should use the higher level functions EVP_EncryptInit(3)
etc. instead of calling the RC4 functions directly.


RC4_set_key() and RC4() do not return values.


Certain conditions have to be observed to securely use stream ciphers.
It is not permissible to perform multiple encryptions using the same
key stream.


Rbcafe © 2004- | Rb Cafe 1.3 | Contacto Rbcafe | Rbcafe en Twitter | Rbcafe en Facebook | Política de privacidad