Overview#In cryptography, RC4 (Rivest Cipher 4 also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is the most widely used software stream Cipher and is used in popular Internet protocols such as Transport Layer Security TLS.
While remarkable for its simplicity and speed in software, RC4 has been termed Cryptographically Weak that and some argue against its use in new systems.
RC4 is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used; some ways of using RC4 can lead to very insecure protocols such as WEP.
As of 2015, there is speculation that some state Cryptologic agencies may possess the capability to break RC4 even when used in the TLS protocol.
Mozilla and Microsoft recommend disabling RC4 where possible.
More Information#There might be more information for this subject on one of the following:
- Kerberos Encryption Types
- Lucky 13
- Master Secret
- Password Flow From Active Directory to eDirectory
- Password Storage Scheme
- Prohibiting RC4 Cipher Suites
- RFC 4757
- Record Protocol
- Security Strength Factor
- TLS 1.3