In cryptography, RC4 (Rivest Cipher 4 also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is a stream cipher. While remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used. Particularly problematic uses of RC4 have led to very insecure protocols such as WEP.
, there is speculation that some state cryptologic agencies may possess the capability to break RC4 when used in the TLS protocol. IETF has published RFC 7465 to prohibit the use of RC4 in TLS; Mozilla and Microsoft have issued similar recommendations.
In 2014, Ronald Rivest gave a talk and published a paper on an updated redesign called Spritz. A hardware accelerator of Spritz was published in Secrypt, 2016. The authors have shown that due to multiple nested calls required to produce output bytes, Spritz performs rather slowly compared to other hash functions such as SHA-3 and best known hardware implementation of RC4.
RC4 can refer to:
- RC4 cipher used for computer data protection
- Battle of Route Coloniale 4, Battle during the Vietnam War
- Iranian Railways RC4, Iranian electric locomotive
- SJ Rc4, Swedish electric locomotive