RC4 Encrypt / Decrypt
Encrypt and decrypt data with the RC4 stream cipher with configurable key size and drop bytes
What is RC4 encryption?
RC4 (Rivest Cipher 4) is a stream cipher that generates a pseudorandom keystream and XORs it with the plaintext to produce ciphertext. Unlike block ciphers (AES, DES), RC4 encrypts data one byte at a time without requiring padding or a mode of operation, making it very fast to implement in software.
RC4 has known cryptographic weaknesses — particularly in the initial keystream bytes — and was banned from TLS (HTTPS) in 2015 via RFC 7465. This tool includes a configurable drop parameter to discard the vulnerable initial bytes. Use RC4 only for legacy compatibility.
How to use RC4 Encrypt / Decrypt
Enter your data and key
Type or paste the text to encrypt or decrypt and enter your RC4 key.
Set drop bytes
Configure the number of initial keystream bytes to discard (default: 768). Discarding 768 or more bytes significantly mitigates known biases.
Click Encrypt or Decrypt
The output appears instantly. RC4 encryption and decryption are the same operation — apply the cipher twice to recover the original.
Copy the output
Click Copy to use the result.
Frequently asked questions
Why was RC4 banned from HTTPS?
RC4 has statistical biases in its keystream output that allow attackers to recover plaintext from encrypted data given enough ciphertext. In 2015, RFC 7465 prohibited the use of RC4 in TLS. It should not be used for securing sensitive data.
What does the 'drop' parameter do?
The initial bytes of the RC4 keystream have known statistical weaknesses. The drop parameter discards the first N bytes of keystream before encryption begins. Discarding 768 or more bytes (RC4-drop[768]) substantially reduces but does not eliminate the weakness.
Why is RC4 encryption and decryption the same operation?
RC4 is a stream cipher — it XORs plaintext with a keystream. XOR is its own inverse: applying the same keystream again recovers the original text. This symmetry simplifies implementation.
When would I use RC4?
Only for decrypting data encrypted by legacy systems that use RC4 (WEP WiFi, older WinZip, some database encryption). No new application should encrypt with RC4.