Problem solve Get help with specific problems with your technologies, process and projects.

What is RC4?

What is RC4? What is the encryption strength of RC4? How does it compare to AES?

RC4 was developed in 1987 by Ron Rivest (the "R" in RSA). It's been quietly used in a variety of applications since then but came to prominence when it was adopted as the security foundation for the 802.11b WEP (Wireless Equivalent Privacy) wireless LAN standard.

RC4 is a Vernam Cipher, using a 24-bit initialization vector (IV) to create key lengths of 40 or 128 bits.

However, a growing number of published studies have found significant weaknesses in the structure and key generation of RC4, prompting the claim by a number of commentators that the algorithm is "unsafe at any key size."

AES is the Rijndael (pronounced Rhine Doll) encryption algorithm chosen in October 2000 by the NIST as the new Advanced Encryption Standard to officially replace DES.

AES has key sizes of 128, 192 and 256 bits. To give you some idea of how secure AES is believed to be, here's how the NIST compares it to DES:

"Assuming that one could build a machine that could recover a DES key in a second (i.e., try 255 keys per second), then it would take that machine approximately 149 thousand-billion (149 trillion) years to crack a 128-bit AES key. To put that into perspective, the universe is believed to be less than 20 billion years old."

For more information on this topic, visit these other SearchSecurity.com resources:
Best Web Links: Encryption
Ask the Expert: Encryption algorithms
Ask the Expert: The differences between AES and DES

This was last published in June 2002

Dig Deeper on Disk and file encryption tools