VDict mobile



cryptography A cipher designed by RSA Data Security,Inc. which can accept keys of arbitrary length, and is
essentially a pseudo random number generator with the output
of the generator being XORed with the data stream to produce
the encrypted data. For this reason, it is very important
that the same RC4 key never be used to encrypt two different
data streams. The encryption mechanism used to be a trade
secret, until someone posted source code for an algorithm
onto Usenet News, claiming it to be equivalent to RC4. The
algorithm is very fast, its security is unknown, but breaking
it does not seem trivial either. There is very strong
evidence that the posted algorithm is indeed equivalent to
RC4.
The United States government routinely approves RC4 with
40-bit keys for export. Keys this small can be easily broken
by governments, criminals, and amateurs. The exportable
version of Netscape's Secure Socket Layer, which uses
RC4-40, was broken by at least two independent groups.
Breaking it took about eight days; in many universities or
companies the same computing power is available to any
computer science student.
(1996-10-28)