of the generator being
XORed with the data stream to produce
the encrypted data. For this reason, it is very important
that the same RC4 key never be used to encrypt two different
data streams. The encryption mechanism used to be a trade
secret, until someone posted source code for an
algorithmonto
Usenet News, claiming it to be equivalent to RC4. The
algorithm is very fast, its security is unknown, but breaking
it does not seem trivial either. There is very strong
evidence that the posted algorithm is indeed equivalent to
RC4.
The United States government routinely approves RC4 with
40-bit keys for export. Keys this small can be easily broken
by governments, criminals, and amateurs. The exportable
RC4-40, was broken by at least two independent groups.
Breaking it took about eight days; in many universities or
companies the same computing power is available to any
computer science student.
(1996-10-28)