Problem solve Get help with specific problems with your technologies, process and projects.

Can you recommend RC4 128-bit encrypted software?

Can you recommend RC4 128-bit encrypted software? We are currently using PGP 6.0 and are unable to determine the...

encryption level.

My recommendation is not to use RC4. But first, I'll answer your question about PGP.

The OpenPGP standard requires that any of the ciphers it uses be at least 128-bits in key size. It also allows for Triple-DES (which is 168 bits, but probably no stronger than 128 -- it would take several paragraphs to explain that fully), Twofish at 256 bits, and AES at all three of its strengths, 128, 192 and 256.

PGP 6.0 predates Twofish and AES, however.

RC4 is used in a lot of SSL implementations, but rarely in object encryption. The reason is that since it is a stream cipher, it has to be used carefully. All stream ciphers have this problem. Misuse of a stream cipher was perhaps the biggest problem in the crack of RC4 in WEP (Wired Equivalent Privacy).

However, RC4 is also starting to show its age. There have been a number of small flaws found in it, of late. I wouldn't panic, myself, but I wouldn't start any new applications using it. Friends I respect, however, are more firm and say you should stop using it right away.

For more info on this topic, visit these SearchSecurity.com resources:

This was last published in March 2004

Dig Deeper on Disk and file encryption tools

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.