In cryptography, RC4 (Rivest Cipher 4 also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is the most widely used software stream Cipher and is used in popular Internet protocols such as Transport Layer Security TLS.

While remarkable for its simplicity and speed in software, RC4 has been termed Cryptographically Weak that and some argue against its use in new systems.

RFC 7465 (Prohibiting RC4 Cipher Suites) declares RC4 as being PROHIBITED

RC4 is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used; some ways of using RC4 can lead to very insecure protocols such as WEP.

As of 2015, there is speculation that some state Cryptologic agencies may possess the capability to break RC4 even when used in the TLS protocol.

Mozilla and Microsoft recommend disabling RC4 where possible.

RFC 7465 prohibits the use of RC4 in TLS.

More Information#

There might be more information for this subject on one of the following:
  • [#1] - RC4 - based on information obtained 2015-03-15