|
In cryptography, RC4 (Rivest Cipher 4 also known as ARC4 or ARCFOUR meaning Alleged RC4, see below) is a stream cipher. While remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used. Particularly problematic uses of RC4 have led to very insecure protocols such as WEP. , there is speculation that some state cryptologic agencies may possess the capability to break RC4 when used in the TLS protocol.〔 IETF has published RFC 7465 to prohibit the use of RC4 in TLS;〔 Mozilla and Microsoft have issued similar recommendations.〔(【引用サイトリンク】title=Mozilla Security Server Side TLS Recommended Configurations )〕 In 2014, Ronald Rivest gave a talk and published a paper on an updated redesign called Spritz. ==History== RC4 was designed by Ron Rivest of RSA Security in 1987. While it is officially termed "Rivest Cipher 4", the RC acronym is alternatively understood to stand for "Ron's Code"〔(Rivest FAQ )〕 (see also RC2, RC5 and RC6). RC4 was initially a trade secret, but in September 1994 a description of it was anonymously posted to the Cypherpunks mailing list. It was soon posted on the sci.crypt newsgroup, and from there to many sites on the Internet. The leaked code was confirmed to be genuine as its output was found to match that of proprietary software using licensed RC4. Because the algorithm is known, it is no longer a trade secret. The name ''RC4'' is trademarked, so RC4 is often referred to as ''ARCFOUR'' or ''ARC4'' (meaning ''alleged RC4'')〔(【引用サイトリンク】url=http://www.openbsd.org/cgi-bin/man.cgi?query=arc4random&sektion=0&manpath=OpenBSD+5.4 )〕 to avoid trademark problems. RSA Security has never officially released the algorithm; Rivest has, however, linked to the English Wikipedia article on RC4 in his own course notes in 2008〔(6.857 Computer and Network Security Spring 2008: Lectures and Handouts )〕 and confirmed the history of RC4 and its code in a 2014 paper by him.〔 RC4 became part of some commonly used encryption protocols and standards, such as WEP in 1997 and WPA in 2003/2004 for wireless cards; and SSL in 1995 and its successor TLS in 1999, until it was prohibited for all versions of TLS by RFC 7465 in 2015, due to the RC4 attacks weakening or breaking RC4 used in SSL/TLS. The main factors in RC4's success over such a wide range of applications have been its speed and simplicity: efficient implementations in both software and hardware were very easy to develop. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「RC4」の詳細全文を読む スポンサード リンク
|