What is RC4?

RC4 was designed in 1987 by Ron Rivest and is one of the most widely software stream cipher and used in popular protocols, such as SSL (protect Internet traffic), WEP (secure wireless networks) and PDF. It’s considered to be fast and simple in terms of software.

RC4 generates a pseudo-random stream of bits (a key-stream). As with any stream cipher, these can be used for encryption by combining it with the plaintext using bit-wise exclusive-or. Decryption is performed the same way (since exclusive-or is a symmetric operation).

To generate the key stream, the cipher makes use of a secret internal state which consists of two parts:
1. A permutation of all 256 possible bytes (denoted "S" below).
2. Two 8-bit index-pointers (denoted "i" and "j").
The permutation is initialized with a variable length key, typically between 40 and 256 bits, using the key-scheduling algorithm (KSA). Then the stream of bits is generated by a pseudo-random generation algorithm.


Figure taken from http://www.networklife.net/2009/07/etude-de-wep-et-rivest-cipher-4/

The lookup stage of RC4. The output byte is selected by looking up the values of S(i) and S(j), adding them together modulo 256, and then looking up the sum in S; S(S(i) + S(j)) is used as a byte of the key-stream, K.