### Practical attack on RC4 encryption

Posted:

**Wed Jun 27, 2012 11:30 am**Hi,

these days I'm facing a crypto problem with RC4 encryption.

I know that there is a function which constructs the RC4 key, which is used to initialize the state. The key is 20 bytes large and constructed by function which receives two parameters. one parameter is 20 byte large and known to me, the other parameter is 32 byte long and not known to me. the algorithm inside the key construction function is proprietary and also unknown. after the key construction "merges" the two parameters somehow the final key is returned and can be used for enc/dec operation.

I own parts of the original plain text, lets says something about 4 - 16 bytes of a message which can be up to 256 bytes long. the bytes which are known are at the beginning of the message.

I'm everything else but a crypto guru so I have two quests to the gurus:

1. As i know parts of the seeds which are used to construct the key, is it ( not only virtually ) possible to bruteforce the original key by use of the supplied information within a reasonable amount of time ?

2. If not, is there any other approach which my work to recover the original key from the supplied information ?

I read a few papers regarding attacks on RC4, but i have to admit, that most of them are quite loaded with lots of math. So if you have an explanation for me which is also intended for a non-math guru, it would be great!!!

Thanks in advance!

Regards,

OHPen.

these days I'm facing a crypto problem with RC4 encryption.

I know that there is a function which constructs the RC4 key, which is used to initialize the state. The key is 20 bytes large and constructed by function which receives two parameters. one parameter is 20 byte large and known to me, the other parameter is 32 byte long and not known to me. the algorithm inside the key construction function is proprietary and also unknown. after the key construction "merges" the two parameters somehow the final key is returned and can be used for enc/dec operation.

I own parts of the original plain text, lets says something about 4 - 16 bytes of a message which can be up to 256 bytes long. the bytes which are known are at the beginning of the message.

I'm everything else but a crypto guru so I have two quests to the gurus:

1. As i know parts of the seeds which are used to construct the key, is it ( not only virtually ) possible to bruteforce the original key by use of the supplied information within a reasonable amount of time ?

2. If not, is there any other approach which my work to recover the original key from the supplied information ?

I read a few papers regarding attacks on RC4, but i have to admit, that most of them are quite loaded with lots of math. So if you have an explanation for me which is also intended for a non-math guru, it would be great!!!

Thanks in advance!

Regards,

OHPen.