Monthly Archives: May 2017

RC4 Algorithm

This post is a special request from someone who is interested in this topic .. normally I don’t do easy  ciphers because there are many references on the internet, writing about it will be redundant .. anyway  today i’m going to briefly explain it hope that someone will get some benefit from it “finger crossed”  … so here we start :

RC4 one of the great ciphers of all times in my opinion (though I don’t recommend that you use it now cause it’s broken) what makes it interesting that it’s really easy and it’s really really  fast in software .. it’s developed by Ron Rivest ..

RC4 Specs :

RC4 cipher consists of two parts:

1. The Key Scheduling Algorithm (KSA).

2. The Pseudo Random (Byte) Generation Algorithm (PRGA).

The State of RC4 is 256-byte array they always denoted  by S but maybe it’s different in some other implementations .. this array contains a permutation of the elements from 0 to 256 .. it takes key size up to 2048 bits

and you can see a hint of how this is working on reality .. you can develop this on any programming language you want

Note : All additions done modulo 256

       for(i=0; i<256; i++) S[i] := i; // initialize the array
j := 0
      for(i=0; i<256; i++){
j := (j + S[i] + key[i mod keylength]) mod 256;
swap(S[i], S[j]);


i := 0; j := 0;
i := (i + 1) mod 256;
j := (j + S[i]) mod 256;
swap(S[i], S[j]);
K := S[(S[i] + S[j]) mod 256];
output K;
                  }   while(required);

RC4 was not designed to take an IV as input … but because RC4 can accept a large key size in practice people concatenate  the secret key with some random values

There are many applications and protocols that runs RC4 like (SSL optionally, SSH optionally, Microsoft Point-to-Point Encryption) but the most important protocol is WEB .. and once again i’m telling you please don’t you ever use this algorithm in your application and in fact don’t use this protocol too !

Some Vulnribility of WEB Protocol:

-Short IV length and some time week IVs

– Clear Text IV as part of the key : 24 bits of every key in cleartext ! can you imagine this !!


I hope at the end of this post you got a glance of how RC4 work ..