Can you recommend RC4 128-bit encrypted software?

Can you recommend RC4 128-bit encrypted software? We are currently using PGP 6.0 and are unable to determine the...

encryption level.

My recommendation is not to use RC4. But first, I'll answer your question about PGP.

The OpenPGP standard requires that any of the ciphers it uses be at least 128-bits in key size. It also allows for Triple-DES (which is 168 bits, but probably no stronger than 128 -- it would take several paragraphs to explain that fully), Twofish at 256 bits, and AES at all three of its strengths, 128, 192 and 256.

PGP 6.0 predates Twofish and AES, however.

RC4 is used in a lot of SSL implementations, but rarely in object encryption. The reason is that since it is a stream cipher, it has to be used carefully. All stream ciphers have this problem. Misuse of a stream cipher was perhaps the biggest problem in the crack of RC4 in WEP (Wired Equivalent Privacy).

However, RC4 is also starting to show its age. There have been a number of small flaws found in it, of late. I wouldn't panic, myself, but I wouldn't start any new applications using it. Friends I respect, however, are more firm and say you should stop using it right away.

For more info on this topic, visit these SearchSecurity.com resources:

This was first published in March 2004

Dig Deeper on Disk Encryption and File Encryption



Find more PRO+ content and other member only offers, here.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.



Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: