RC4, an old friend
Recently Microsoft Google and Mozilla announced they will drop support for RC4 in their browsers SSL implementation, but RC4 won’t disappear overnight from our everyday life despite its troubled history
A closed source algorithm #
RC4 is a RSA cipher developed in 1987 as a closed source algorithm and never officially released to the public.
it came under intensive scrutiny after it was leaked to the internet in 1994 and soon thereafter doubts around its robustness started circulating.
This didn’t stop Microsoft from making it the default encryption cypher for the RDP protocol in 2006 and chip manufacturers to adopt it en masse for the (WEP) from 1997 onwards
WPA to the rescue #
Not many know that WPA was implemented as 2 rounds of RC4 using time based password (TKIP). There were infact too many RC4 chips already in the market once RC4 was deemed unsafe.
WPA has been for a long time considered “secure” because nobody has been able to crack it so far, despite not having any additional mathematical strength over RC4 itself but only shorter lived passwords.
WPA2 to the rescue #
WPA2 (or IEEE 802.11i-2004) has been introduced to add AES encryption to WPA.
Most new routers support it out of the box but the downside is that performance tends to degrade significantly when AES is used