In cryptography, RC4 (also known as ARC4 or ARCFOUR) is the most widely-used software stream cipher and is used in popular protocols such as Secure Sockets Layer (SSL) (to protect Internet traffic) and Wired Equivalent Privacy (WEP) (to secure wireless networks). While remarkable in its simplicity, RC4 falls short of the high standards of security set by cryptographers, and some ways of using RC4 can lead to very insecure cryptosystems (an example being WEP). It is not recommended for use in new systems. However, some systems based on RC4 are secure enough for practical use.
History
RC4 was designed by Ron Rivest of RSA Security in 1987. While it is officially termed "Rivest Cipher 4", the RC acronym is alternatively understood to stand for "Ron's Code" (see also RC2, RC5 and RC6).
RC4 was initially a trade secret, but in September 1994 a description of it was anonymously posted to the Cypherpunks mailing list. It was soon posted on the sci.crypt newsgroup, and from there to many sites on the Internet. The leaked code was confirmed to be genuine as its output was found to match that of proprietary software using licensed RC4. Because the algorithm is known, it is no longer a trade secret. The name "RC4" is trademarked, however. The current status seems to be that "unofficial" implementations are legal, but cannot use the RC4 name. RC4 is often referred to as "ARCFOUR" or "ARC4" (meaning Alleged RC4, because RSA Security has never officially released the algorithm), to avoid possible trademark problems. It has become part of some commonly used encryption protocols and standards, including Wired Equivalent Privacy and Wi-Fi Protected Access for wireless cards, and Transport Layer Security.
The main factors behind its deployment across such a wide range of applications are its speed and simplicity: implementations in both software and hardware are very easy to develop.
Description
RC4 generates a pseudorandom stream of bytes (a keystream) which, for encryption, is combined with the plaintext using XOR; decryption is performed the same way, since XORing the same keystream a second time removes it. (This is similar to the Vernam cipher, except that pseudorandom bits rather than truly random bits are used.) To generate the keystream, the cipher makes use of a secret internal state which consists of two parts:
- A permutation of all 256 possible bytes (denoted "S" below).
- Two 8-bit index pointers (denoted "i" and "j").
The permutation is initialized with a variable-length key, typically between 40 and 256 bits, using the key-scheduling algorithm (KSA). Once this has been completed, the keystream is generated using the pseudo-random generation algorithm (PRGA).
The key-scheduling algorithm (KSA)
The key-scheduling algorithm is used to initialize the permutation in the array "S". "keylength" is defined as the number of bytes in the key and can be in the range 1 ≤ keylength ≤ 256, typically between 5 and 16, corresponding to a key length of 40–128 bits. First, the array "S" is initialized to the identity permutation. S is then processed for 256 iterations in a similar way to the main PRGA, but also mixes in bytes of the key at the same time (the key is repeated cyclically when it is shorter than 256 bytes).
for i from 0 to 255
    S[i] := i
endfor
j := 0
for i from 0 to 255
    j := (j + S[i] + key[i mod keylength]) mod 256
    swap(S[i], S[j])
endfor
The pseudo-random generation algorithm (PRGA)
For as many iterations as are needed, the PRGA modifies the state and outputs a byte of the keystream. In each iteration, the PRGA increments i, adds the value of S pointed to by i to j, exchanges the values of S[i] and S[j], and then outputs the value of S at the location S[i] + S[j] (modulo 256). Each value of S is swapped at least once every 256 iterations.
i := 0
j := 0
while GeneratingOutput:
    i := (i + 1) mod 256
    j := (j + S[i]) mod 256
    swap(S[i], S[j])
    output S[(S[i] + S[j]) mod 256]
endwhile
Implementation
Many stream ciphers are based on linear feedback shift registers (LFSRs), which while efficient in hardware are less so in software. The design of RC4 avoids the use of LFSRs and is ideal for software implementation, as it requires only byte manipulations. It uses 256 bytes of memory for the state array, S[0] through S[255], k bytes of memory for the key, key[0] through key[k-1], and integer variables i, j, and k. Reduction modulo 256 can be done with a bitwise AND with 255 (or, on most platforms, simple addition of bytes ignoring overflow).
Here is a simple implementation in Python 3 (keys and messages are byte strings):

class WikipediaARC4:
    def __init__(self, key=None):
        self.state = list(range(256))  # Initialize state array with values 0 .. 255
        self.x = self.y = 0            # Our indexes. x, y instead of i, j
        if key is not None:
            self.init(key)

    # KSA: mix the key bytes into the identity permutation
    def init(self, key):
        for i in range(256):
            self.x = (key[i % len(key)] + self.state[i] + self.x) & 0xFF
            self.state[i], self.state[self.x] = self.state[self.x], self.state[i]
        self.x = 0

    # PRGA: XOR each input byte with the next keystream byte (encryption and decryption are the same operation)
    def crypt(self, input):
        output = bytearray(len(input))
        for i in range(len(input)):
            self.x = (self.x + 1) & 0xFF
            self.y = (self.state[self.x] + self.y) & 0xFF
            self.state[self.x], self.state[self.y] = self.state[self.y], self.state[self.x]
            r = self.state[(self.state[self.x] + self.state[self.y]) & 0xFF]
            output[i] = input[i] ^ r
        return bytes(output)

if __name__ == '__main__':
    test_vectors = [(b'Key', b'Plaintext'),
                    (b'Wiki', b'pedia'),
                    (b'Secret', b'Attack at dawn')]
    for key, plaintext in test_vectors:
        print(WikipediaARC4(key).crypt(plaintext).hex().upper())
Test vectors
These test vectors are not official, but convenient for anyone testing their own RC4 program. The inputs are ASCII, the output is in hexadecimal.
RC4( "Key", "Plaintext" ) == BBF316E8D940AF0AD3
RC4( "Wiki", "pedia" ) == 1021BF0420
RC4( "Secret", "Attack at dawn" ) == 45A01F645FC35B383552544B9B67
Security
RC4 falls short of the standards set by cryptographers for a secure cipher in several ways, and thus is not recommended for use in new applications.
The keystream generated by RC4 is slightly biased in favour of certain sequences of bytes. The best attack based on this bias is due to Scott Fluhrer and David McGrew, which will distinguish the keystream from a random stream given a gigabyte of output.
RC4 does not take a separate cryptographic nonce alongside the key. Such a nonce is, in general, a necessary requirement for security, so that encrypting the same message twice produces a different ciphertext each time; without one, two messages encrypted under the same key share a keystream, and the XOR of the two ciphertexts is the XOR of the two plaintexts. One approach to addressing this is to generate a "fresh" RC4 key by hashing a long-term key together with a cryptographic nonce. However, many applications that use RC4 simply concatenate key and nonce; RC4's weak key schedule then gives rise to a variety of serious problems.
Fluhrer, Mantin and Shamir attack
In 2001 a new and surprising discovery was made by Scott Fluhrer, Itsik Mantin and Adi Shamir: over all possible RC4 keys, the statistics for the first few bytes of output keystream are strongly non-random, leaking information about the key. If the long-term key and nonce are simply concatenated to generate the RC4 key, this long-term key can be discovered by analysing a large number of messages encrypted with this key. This and related effects were then used to break the Wired Equivalent Privacy (WEP) encryption used with 802.11 wireless networks. This caused a scramble for a standards-based replacement for WEP in the 802.11 market, and led to the IEEE 802.11i effort and Wi-Fi Protected Access.
Cryptosystems can defend against this attack by discarding the initial portion of the keystream (say the first 1024 bytes) before using it.
Klein's attack
In 2005, Andreas Klein presented an analysis of the RC4 stream cipher showing more correlations between the RC4 keystream and the key. Erik Tews, Ralf-Philipp Weinmann, and Andrei Pyshkin used this analysis to create aircrack-ptw, a tool which cracks 104-bit RC4 used in 128-bit WEP in under a minute (Erik Tews, Ralf-Philipp Weinmann, Andrei Pyshkin, "Breaking 104-bit WEP in under a minute"). Whereas the Fluhrer, Mantin, and Shamir attack used around 10 million messages, aircrack-ptw can break 104-bit keys with 40,000 frames with 50% probability, or with 85,000 frames with 95% probability.
Combinatorial problem
A combinatorial problem related to the number of inputs and outputs of the RC4 cipher was first posed by Itsik Mantin and Adi Shamir in 2001: of the 256 elements in the typical state of RC4, if only x of them (x ≤ 256) are known (all other elements can be assumed empty), then the maximum number of output bytes that can be produced deterministically in the next 256 rounds is also x. This conjecture was put to rest in 2004 with a formal proof given by Souradyuti Paul and Bart Preneel.
RC4-based cryptosystems
Where a cryptosystem is marked with "(optionally)", RC4 is one of several ciphers the system can be configured to use.
See also
- eSTREAM - An evaluation of new stream ciphers being conducted by the EU.
- Tiny Encryption Algorithm and XTEA - A family of block ciphers that, like RC4, are designed to be very simple to implement.
- Advanced Encryption Standard
References
- Scott R. Fluhrer, Itsik Mantin and Adi Shamir, "Weaknesses in the Key Scheduling Algorithm of RC4". Selected Areas in Cryptography 2001, pp. 1–24 (PS).
- Scott R. Fluhrer and David A. McGrew, "Statistical Analysis of the Alleged RC4 Keystream Generator". FSE 2000, pp. 19–30 (PDF).
- Jovan Dj. Golic, "Iterative Probabilistic Cryptanalysis of RC4 Keystream Generator". ACISP 2000, pp. 220–233.
- Jovan Dj. Golic, "Linear Statistical Weakness of Alleged RC4 Keystream Generator". EUROCRYPT 1997, pp. 226–238 (PDF).
- Lars R. Knudsen, Willi Meier, Bart Preneel, Vincent Rijmen and Sven Verdoolaege, "Analysis Methods for (Alleged) RC4". ASIACRYPT 1998, pp. 327–341 (PS).
- Itsik Mantin and Adi Shamir, "A Practical Attack on Broadcast RC4". FSE 2001, pp. 152–164 (PS).
- Serge Mister and Stafford E. Tavares, "Cryptanalysis of RC4-like Ciphers". Selected Areas in Cryptography 1998, pp. 131–143.
- Ilya Mironov, "(Not So) Random Shuffles of RC4". CRYPTO 2002, pp. 304–319.
- Souradyuti Paul and Bart Preneel, "Analysis of Non-fortuitous Predictive States of the RC4 Keystream Generator". INDOCRYPT 2003, pp. 52–67 (PDF).
- Souradyuti Paul and Bart Preneel, "A New Weakness in the RC4 Keystream Generator and an Approach to Improve the Security of the Cipher". Fast Software Encryption - FSE 2004, pp. 245–259 (PDF).
External links
RC4
- IETF Draft - A Stream Cipher Encryption Algorithm "Arcfour"
- Original posting of RC4 algorithm to Cypherpunks mailing list
- SCAN's entry for RC4
- Attacks on RC4
- RC4 - Cryptology Pointers by Helger Lipmaa - new URL from September 2006.
- RSA Security Response to Weaknesses in Key Scheduling Algorithm of RC4
- T-SQL implementation
RC4 in WEP
- (in)Security of the WEP algorithm
- Fluhrer, Mantin, and Shamir attack on WEP (postscript format)