RC4 Cipher Tool - ARC4 Stream Cipher Encrypt/Decrypt

Encrypt and decrypt with RC4 (ARC4) stream cipher. Legacy encryption for WEP, SSL analysis, and protocol research. Free online RC4 tool.

Security Warning: RC4 is cryptographically broken and should NOT be used for securing data. This tool is for educational purposes, legacy system analysis, and CTF challenges only.

RC4 Stream Cipher

Key

Key is used as UTF-8 bytes (1-256 bytes)

Input

Input Format

Output Format

Drop bytes

Output

Algorithm Details

Type: Stream cipher

Designer: Ron Rivest (1987)

Key size: 1-256 bytes

State: 256 bytes + 2 indices

Status: Deprecated, insecure

Known Vulnerabilities

Initial keystream bias
Related-key attacks
Fluhrer-Mantin-Shamir attack
Klein's attack
Royal Holloway attack

Historical Use

WEP (broken 2001)
WPA-TKIP (deprecated)
SSL 3.0 / TLS 1.0-1.2
Microsoft Office 97-2003
PDF encryption v1-3

Blowfish Encryption Tool - Free Online B…

XTEA Encryption Tool - Tiny Encryption A…

Caesar Cipher Encoder - Shift Text by An…

ROT13 Cipher - Text Encoder & Decoder On…

AES Encryption Tool - Secure Browser-Bas…

View all Cipher encoders →

Frequently Asked Questions

RC4 (Rivest Cipher 4, also called ARC4) is a stream cipher designed by Ron Rivest in 1987. It was widely used in SSL/TLS, WEP, WPA-TKIP, and many protocols due to its simplicity and speed.

No. RC4 has significant vulnerabilities and is deprecated. The initial keystream bytes are biased, and various attacks exist. RC4 is banned in TLS 1.3. Use AES or ChaCha20 for security.

RC4 was used in WEP (WiFi), WPA-TKIP, early SSL/TLS, Microsoft Office encryption, PDF encryption, BitTorrent protocol encryption, and many legacy systems.

RC4 appears in legacy systems, malware analysis, CTF challenges, protocol research, and understanding cryptographic history. Many IoT devices still use RC4.

RC4 initializes a 256-byte state array using the key (KSA), then generates pseudo-random bytes (PRGA) that are XORed with plaintext. The same process encrypts and decrypts.

RC4 supports keys from 1 to 256 bytes. Longer keys don't increase security much due to the 256-byte state. Common sizes were 40-bit (export), 128-bit, and 256-bit.

Drop-N (like RC4-drop-256) discards the first N bytes of keystream to avoid initial bias vulnerabilities. This was a mitigation before RC4 was fully deprecated.

Yes. All computation happens in your browser using JavaScript. Your data never leaves your device.

RC4 Stream Cipher

Related Tools