Stream Ciphers in Practice

Let's introduce two stream ciphers.

  1. RC4 (Rivest Cipher 4) is a symmetric stream cipher algorithm Designed in 1987 by Ron Rivest for RSA Security. Facts about RC4:
    • It uses a seed of variable size: the key can be up to 2,048 bits long.
    • The algorithm takes this seed and generates a pseudo-random stream of bits called the keystream.
    • Ciphertext is then obtained by XORing the plaintext with the keysteam.
    • RC4 was widely adopted and used in many popular protocols including WEP, WPA, HTTPS, SSL/TLS due to its simplicity and speed.
    • However, attacks in 2015 on RC4, such as the NO MORE attack, deemed it insecure for use.
    • Many other vulnerabilities were discovered later, such as the increased chance of getting more 0s than 1s, making it prone to attacks.
    • RC4 shouldn't be used anymore: any protocol using RC4 is vulnerable to attacks. SSL/TLS ditched RC4 in 2015.
These notes by Miriam Briskman are licensed under CC BY-NC 4.0 and based on sources.