RC4 Encrypt / Decrypt
Encrypt and decrypt data with the RC4 stream cipher with configurable key size and drop bytes
How to use RC4 Encrypt / Decrypt
Enter your data and key
Type or paste the text to encrypt or decrypt and enter your RC4 key.
Set drop bytes
Configure the number of initial keystream bytes to discard (default: 768). Discarding 768 or more bytes significantly mitigates known biases.
Click Encrypt or Decrypt
The output appears instantly. RC4 encryption and decryption are the same operation: apply the cipher twice with the same key and drop value to recover the original.
Copy the output
Click Copy to use the result.
What is RC4 encryption?
RC4 (Rivest Cipher 4) is a stream cipher that generates a pseudorandom keystream and XORs it with the plaintext to produce ciphertext. Unlike block ciphers (AES, DES), RC4 encrypts data one byte at a time without requiring padding or a mode of operation, making it simple to implement and very fast in software.
RC4 has known cryptographic weaknesses — particularly in the initial keystream bytes — and was banned from TLS (HTTPS) in 2015 via RFC 7465. This tool includes a configurable drop parameter to discard the vulnerable initial bytes. Use RC4 only for legacy compatibility.
RC4 was once the most widely used stream cipher in the world. It was the default cipher in SSL/TLS for over a decade, the encryption behind WEP WiFi security, and the cipher used by Microsoft Office, WinZip, and many database encryption systems. Ron Rivest designed it in 1987 and it remained a trade secret until it was anonymously posted to a Usenet newsgroup in 1994. Its simplicity (the entire algorithm is about 20 lines of code) and speed made it extremely popular, but a series of increasingly practical attacks between 2001 and 2015 revealed fundamental biases in the keystream that allow plaintext recovery.
The primary weaknesses are in the first bytes of the keystream, where the output is correlated with the key. The Fluhrer-Mantin-Shamir (FMS) attack (2001) exploited this to break WEP WiFi encryption. Subsequent research by AlFardan and Bernstein (2013) showed that statistical biases persist throughout the keystream, enabling plaintext recovery from TLS-encrypted data given enough captured sessions. The drop parameter mitigates the early-byte weakness by discarding the initial keystream, but does not address the fundamental biases. For any new encryption requirement, use AES-256 instead. For background on cipher families and their security properties, see our encryption algorithms guide.
Frequently asked questions
Why was RC4 banned from HTTPS?
RC4 has statistical biases in its keystream output that allow attackers to recover plaintext from encrypted data given enough ciphertext. In 2015, RFC 7465 prohibited the use of RC4 in TLS. It should not be used for securing sensitive data.
What does the 'drop' parameter do?
The initial bytes of the RC4 keystream have known statistical weaknesses. The drop parameter discards the first N bytes of keystream before encryption begins. Discarding 768 or more bytes (RC4-drop[768]) substantially reduces but does not eliminate the weakness.
Why is RC4 encryption and decryption the same operation?
RC4 is a stream cipher — it XORs plaintext with a keystream. XOR is its own inverse: applying the same keystream again recovers the original text. This symmetry simplifies implementation.
When would I use RC4?
Only for decrypting data encrypted by legacy systems that use RC4 (WEP WiFi, older WinZip, some database encryption). No new application should encrypt with RC4.
How was WEP WiFi encryption broken using RC4?
WEP concatenated a 24-bit initialization vector (IV) with the WEP key and used the result as the RC4 key for each packet. The short IV space (only 16 million values) meant IVs were frequently reused, and the Fluhrer-Mantin-Shamir attack exploited correlations between the IV and the first keystream bytes to recover the key. This could be done passively by capturing enough packets, typically within minutes on a busy network. WEP was replaced by WPA (using TKIP, then AES-CCMP) as a result.
Is RC4-drop[768] secure enough for non-critical use?
RC4-drop[768] discards the first 768 bytes of keystream, which eliminates the strongest statistical biases in the early output. However, weaker biases persist throughout the entire keystream, and the algorithm lacks the structural security guarantees of modern ciphers. For non-critical applications where compatibility with RC4 systems is required, RC4-drop[768] is a reasonable mitigation. For any data that needs genuine confidentiality, use AES instead.