RC4 encryption - broken or not?

Discussion in 'privacy general' started by flatfly, Aug 25, 2010.

Thread Status:
Not open for further replies.
  1. flatfly

    flatfly Registered Member

    Aug 25, 2010
    To the encryption experts out there...

    i would like to know if rc4 has really been broken, and if so, how badly.

    We all know that WEP is broken - due to mistake made in the implementation of rc4, correct me if i'm wrong. But my preferred note-taking application only offers rc4 encryption for my text files.

    I know this is not the strongest algorithm in the universe, but so far I'm
    happy with this application. Still, out of curiosity, could someone who has good experience with encryption (and RC4 in particular) answer the below question?

    How easy (or hard) would it be to decrypt/crack a 100-KB plain text document encrypted with 128-bit RC4, assuming the password used is very strong (12-character random alphanumeric with symbols)

    What if you already know part of the plaintext (say the first 10 bytes) -
    does it make it any easier?

    I hope I'm posting this in the right forum.
    Thanks for any responses!
  2. chronomatic

    chronomatic Registered Member

    Apr 9, 2009
    As you suspected, WEP's implementation of RC4 was flawed and was cracked by some cryptologists who discovered that the first part of the keystream was nonrandom. From Wikipedia:

    So, what we have was mostly a WEP problem and not an RC4 one. RC4 can be made secure, it just has to be done properly. I have no idea what "note taking" program you are using, so I have no idea how they have implemented RC4. I do know that RC4 is used by a lot of websites for SSL (Google among them), so it can be made secure.
Thread Status:
Not open for further replies.