Q

# What are the alternatives to RC4 and symmetric cryptography systems?

## In this SearchSecurity.com Q&A, network security expert Mike Chapple explains how RC4 encryption stacks up against public key cryptography.

What's the best way to describe RC4 encryption? How does RC4 encryption compare to other encryption options?

RC4 is a symmetric cryptosystem, invented in 1987 by MIT cryptographer Ronald Rivest, who went on to found RSA Security. The algorithm has several known flaws, but it is still widely used.

In symmetric cryptosystems, such as RC4, communicating parties use the same shared secret key to both encrypt and decrypt the communication. For example, if Alice wants to send a private message to Bob, she would encrypt the message with a key (let's call it KAB) and then send the encrypted message to Bob. When Bob receives it, he would need to decrypt the message using the same algorithm (RC4) and the same key (KAB). The obvious disadvantage to this approach is that Alice and Bob must both already know KAB. In addition, a unique key is required for every pair of users that want to communicate. Key management issues quickly become intimidating for symmetric cryptosystems.

RC4 is also known to have several significant flaws in the way it constructs and uses keys. Therefore, most security professionals recommend using alternative symmetric algorithms. Two of the most commonly used ones are the Triple Data Encryption Standard (3DES) and the Advanced Encryption Standard (AES). Many programs that support RC4 also provide built-in support for 3DES and/or AES.

The alternative approach to symmetric encryption is public key (or asymmetric) cryptography, which assigns each user a pair of keys. Every individual has his or her own private key and his or her own public key. These keys are mathematically related in such a fashion that a message encrypted with one key of the pair can only be decrypted with the other key from the same pair. Returning to our example of Alice and Bob, Alice would encrypt the message with Bob's public key and then Bob would decrypt it using his own private key. The nature of asymmetric cryptography makes it possible for each user to freely share his or her public key with other users. The security of the system relies upon the secrecy of the private key. What's the catch? Asymmetric cryptography is generally much slower than symmetric cryptography.

This was last published in May 2007

## Content

Find more PRO+ content and other member only offers, here.

#### Have a question for an expert?

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

#### Start the conversation

Send me notifications when other members comment.

## SearchCloudSecurity

• ### How to prepare for a cloud DDoS attack on an enterprise

Suffering a cloud DDoS attack is now more likely than ever. Expert Frank Siemons discusses what enterprises need to know about ...

• ### Ownership of cloud risks gets lost in many cloud computing scenarios

CISOs ensure that cloud services comply with IT security and risk management policies. But who has executive oversight of ...

• ### Cloud incident response: What enterprises need to include in a plan

A cloud incident response plan can be difficult to assemble. Expert Rob Shapland discusses the basics of what to include in a ...

## SearchNetworking

• ### Delivering private and public cloud applications securely

'It's all about the apps' is today's mantra, and managing private and public cloud app delivery must be a top concern in order to...

• ### Gigabit Ethernet speeds: What's the impact of 2.5 and 5 GbE?

Gigabit Ethernet speeds mean enterprises can boost wireless performance without actually replacing wiring. But there are still ...

• ### Zero downtime goal of new industry group

Networking analysts discuss if a new zero-downtime initiative will be viable and the best way to unlock the value of the hybrid ...

## SearchCIO

• ### Forget about Trump's tech policy -- it's the economy, CIOs

Trump invites tech leaders to a meeting next week, but tech policy is far from the whole story. Also in Searchlight: Google goes ...

• ### Renew vs. replace software? CFOs say it depends on business capabilities

CFOs discussed how they decide whether to keep or replace software at the recent MIT Sloan CFO Summit. Cloud looms large in their...

• ### Record-busting online holiday sales and the rise of the omnishopper

Record online holiday sales foretell the arrival of conversational commerce, digital humanism and the omnishopper. Also: AWS goes...

## SearchConsumerization

• ### Android, Windows tablets from HP take aim at business users

HP released a new line of tablets targeting business users. The HP Pro Slate 8 and Pro Slate 12 run Android and cost \$449 and ...

• ### Microsoft to lay off 18,000, Nokia X moves to Windows Phone

Microsoft will lay off 18,000 people over the next year while the Nokia X line of Android smartphones, which was unveiled earlier...

• ### Microsoft Surface Pro 3 vs. Microsoft Surface Pro 2

Surface Pro 2 and Surface Pro 3 are different enough that Microsoft is keeping both on the market as competing products. Which ...

## SearchEnterpriseDesktop

• ### VMware Identity Manager helps IT provide user access across device types

With Identity Manager, VMware's identity as a service offering, IT admins can deliver a variety of application types across ...

• ### Experts predict the future of Windows 10 and the Creators Update

Three experts share their thoughts on what's next for enterprise desktop admins in 2017, including what to expect from Windows 10...

If admins notice any issues with tasks running on Windows, they can turn to NirSoft's TaskSchedulerView to pinpoint the culprit ...

## SearchCloudComputing

• ### Ten ways to improve your private cloud self-service portal

A private cloud portal allows users to tap into the self-service benefits of cloud. Follow these ten steps to guarantee user ...

• ### Cloud computing programming API tutorial

Developers have a wide range of platforms to choose from to create cloud-based applications. Dive into cloud programming ...

• ### The hybrid cloud management platform and the modern enterprise

Hybrid cloud management is a hot issue for modern IT operations. Read more to find out what it is, how it works and what it can ...

## ComputerWeekly

• ### Government Transformation Strategy to 'fundamentally' change the way departments operate

A background document seen by Computer Weekly outlines details of the forthcoming Government Transformation Strategy

• ### IT Priorities 2017: Nordic organisations to spend more on cloud services

The adoption of cloud computing in its many guises will be a top priority in the Nordic region in 2017

• ### Blackberry changes tack to secure enterprise internet of things

After dropping devices to concentrate on mobile device management, Blackberry is poised to take on IoT security under John Chen’s...

Close