RC4 Cipher: A Lightweight and Efficient Stream Cipher Algorithm
There is consensus across the industry that the RC4 cipher is no longer cryptographically secure, and therefore RC4 support is being removed with this update. With this change, Microsoft Edge and Internet Explorer 11 are aligned with the most recent versions of Google Chrome and Mozilla Firefox. For detailed information about RC4 cipher removal in Microsoft Edge and Internet Explorer 11, see RC4 will no longer be supported in Microsoft Edge and IE11. If you want to turn on RC4 support, see details in the More information section.
Download the package now. Release Date: November 10, 2013. For more information about how to download Microsoft support files, click the following article number to view the article in the Microsoft Knowledge Base:
RC4 is not turned off by default for all applications. Applications that call in to SChannel directly will continue to use RC4 unless they opt in to the security options. Applications that use SChannel can block RC4 cipher suites for their connections by passing the SCH_USE_STRONG_CRYPTO flag to SChannel in the SCHANNEL_CRED structure. If compatibility must be maintained, applications that use SChannel can also implement a fallback that does not pass this flag.
In September 2015, Microsoft announced the end-of-support for the RC4 cipher in Microsoft Edge and Internet Explorer 11 in 2016, as there is consensus across the industry that RC4 is no longer cryptographically secure.
RC4 is a stream cipher that was first described in 1987, and has been widely supported across web browsers and online services. Modern attacks have demonstrated that RC4 can be broken within hours or days. The typical attacks on RC4 exploit biases in the RC4 keystream to recover repeatedly encrypted plaintexts. In February 2015, these new attacks prompted the Internet Engineering Task Force to prohibit the use of RC4 with TLS.
If your web service relies on RC4, you will need to take action. Since 2013, Microsoft has recommended that customers enable TLS 1.2 in their services and remove support for RC4. For additional details, please see Security Advisory 2868725. For supported ciphers, and additional information on ciphers, see Cipher Suites in TLS/SSL (Schannel SSP).
In cryptography, RC4 (Rivest Cipher 4, also known as ARC4 or ARCFOUR, meaning Alleged RC4, see below) is a stream cipher. While it is remarkable for its simplicity and speed in software, multiple vulnerabilities have been discovered in RC4, rendering it insecure. It is especially vulnerable when the beginning of the output keystream is not discarded, or when nonrandom or related keys are used. Particularly problematic uses of RC4 have led to very insecure protocols such as WEP.
RC4 generates a pseudorandom stream of bits (a keystream). As with any stream cipher, these can be used for encryption by combining it with the plaintext using bitwise exclusive or; decryption is performed the same way (since exclusive or with given data is an involution). This is similar to the one-time pad, except that generated pseudorandom bits, rather than a prepared stream, are used.
Unlike a modern stream cipher (such as those in eSTREAM), RC4 does not take a separate nonce alongside the key. This means that if a single long-term key is to be used to securely encrypt multiple streams, the protocol must specify how to combine the nonce and the long-term key to generate the stream key for RC4. One approach to addressing this is to generate a "fresh" RC4 key by hashing a long-term key with a nonce. However, many applications that use RC4 simply concatenate key and nonce; RC4's weak key schedule then gives rise to related-key attacks, like the Fluhrer, Mantin and Shamir attack (which is famous for breaking the WEP standard).
Because RC4 is a stream cipher, it is more malleable than common block ciphers. If not used together with a strong message authentication code (MAC), then encryption is vulnerable to a bit-flipping attack. The cipher is also vulnerable to a stream cipher attack if not implemented correctly.
It is noteworthy, however, that RC4, being a stream cipher, was for a period of time the only common cipher that was immune to the 2011 BEAST attack on TLS 1.0. The attack exploits a known weakness in the way cipher-block chaining mode is used with all of the other ciphers supported by TLS 1.0, which are all block ciphers.
The keystream generated by the RC4 is biased to varying degrees towards certain sequences, making it vulnerable to distinguishing attacks. The best such attack is due to Itsik Mantin and Adi Shamir, who showed that the second output byte of the cipher was biased toward zero with probability 1/128 (instead of 1/256). This is due to the fact that if the third byte of the original state is zero, and the second byte is not equal to 2, then the second output byte is always zero. Such bias can be detected by observing only 256 bytes.
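The second-byte bias described above can be measured directly. The following is an added example, not code from the original page: it implements RC4 and counts how often the second keystream byte is zero over constructed random keys, and checks the stated condition on the initial state. The function names `ksa`, `prga` and `second_byte_stats` are chosen for this illustration.

```python
import random

def ksa(key):
    """RC4 key scheduling: build the 256-byte permutation S from the key."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S

def prga(S, n):
    """RC4 output generation: n keystream bytes from a copy of state S."""
    S = list(S)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(S[(S[i] + S[j]) & 0xFF])
    return bytes(out)

def second_byte_stats(trials, key_len=16, seed=1):
    """Return (frequency of Z2 == 0, states meeting the condition,
    how many of those states produced Z2 == 0)."""
    rng = random.Random(seed)  # constructed random keys, fixed seed
    zeros = cond = cond_zero = 0
    for _ in range(trials):
        key = bytes(rng.randrange(256) for _ in range(key_len))
        S = ksa(key)
        z2 = prga(S, 2)[1]
        zeros += z2 == 0
        # Condition from the text: third state byte is 0, second is not 2.
        if S[2] == 0 and S[1] != 2:
            cond += 1
            cond_zero += z2 == 0
    return zeros / trials, cond, cond_zero

if __name__ == "__main__":
    freq, cond, cond_zero = second_byte_stats(50000)
    print(f"P[Z2 = 0] ~ {freq:.5f} (uniform: {1/256:.5f}, biased: {1/128:.5f})")
    print(f"states with S[2]=0, S[1]!=2: {cond}; Z2 = 0 in {cond_zero} of them")
```

Every state that meets the condition yields a zero second byte, which is what roughly doubles the overall frequency relative to a uniform keystream.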
In 2005, Andreas Klein presented an analysis of the RC4 stream cipher, showing more correlations between the RC4 keystream and the key. Erik Tews, Ralf-Philipp Weinmann, and Andrei Pychkine used this analysis to create aircrack-ptw, a tool that cracks 104-bit RC4 used in 128-bit WEP in under a minute. Whereas the Fluhrer, Mantin, and Shamir attack used around 10 million messages, aircrack-ptw can break 104-bit keys in 40,000 frames with 50% probability, or in 85,000 frames with 95% probability.
In 2013, a group of security researchers at the Information Security Group at Royal Holloway, University of London reported an attack that can become effective using only 2^34 encrypted messages. While not yet a practical attack for most purposes, this result is sufficiently close to one that it has led to speculation that some state cryptologic agencies may already have better attacks that render RC4 insecure. Given that, as of 2013, a large amount of TLS traffic uses RC4 to avoid attacks on block ciphers that use cipher block chaining, if these hypothetical better attacks exist, then this would make the TLS-with-RC4 combination insecure against such attackers in a large number of practical scenarios.
FIPS-compliance has become more complex with the addition of elliptic curves making the FIPS mode enabled column in previous versions of this table misleading. For example, a cipher suite such as TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is only FIPS-compliant when using NIST elliptic curves. To find out which combinations of elliptic curves and cipher suites will be enabled in FIPS mode, see section 3.3.1 of Guidelines for the Selection, Configuration, and Use of TLS Implementations.
Prior to Windows 10, cipher suite strings were appended with the elliptic curve to determine the curve priority. Windows 10 supports an elliptic curve priority order setting so the elliptic curve suffix is not required and is overridden by the new elliptic curve priority order, when provided, to allow organizations to use group policy to configure different versions of Windows with the same cipher suites.
This script repeatedly initiates SSLv3/TLS connections, each time trying a new cipher or compressor while recording whether a host accepts or rejects it. The end result is a list of all the ciphersuites and compressors that a server accepts.
Each ciphersuite is shown with a letter grade (A through F) indicating the strength of the connection. The grade is based on the cryptographic strength of the key exchange and of the stream cipher. The message integrity (hash) algorithm choice is not a factor. The output line beginning with Least strength shows the strength of the weakest cipher offered. The scoring is based on the Qualys SSL Labs SSL Server Rating Guide, but does not take protocol support (TLS version) into account, which makes up 30% of the SSL Labs rating.
SSLv3/TLSv1 requires more effort to determine which ciphers and compression methods a server supports than SSLv2. A client lists the ciphers and compressors that it is capable of supporting, and the server will respond with a single cipher and compressor chosen, or a rejection notice.
Some servers use the client's ciphersuite ordering: they choose the first of the client's offered suites that they also support. Other servers prefer their own ordering: they choose their most preferred suite from among those the client offers. In the case of server ordering, the script makes extra probes to discover the server's sorted preference list. Otherwise, the list is sorted alphabetically.
You can tune some behavior, but it's usually limited to disabling algorithms and cipher suites that exist. See, for example, How to restrict the use of certain cryptographic algorithms and protocols in Schannel.dll.
iOS, iPadOS, and macOS support Transport Layer Security (TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3) and Datagram Transport Layer Security (DTLS). The TLS protocol supports both AES128 and AES256, and prefers cipher suites with forward secrecy. Internet apps such as Safari, Calendar, and Mail automatically use this protocol to enable an encrypted communication channel between the device and network services. High-level APIs (such as CFNetwork) make it easy for developers to adopt TLS in their apps, while low-level APIs (such as Network.framework) provide fine-grained control. CFNetwork disallows SSL 3, and apps that use WebKit (such as Safari) are prohibited from making an SSL 3 connection.
App Transport Security provides default connection requirements so that apps adhere to best practices for secure connections when using NSURLConnection, CFURL, or NSURLSession APIs. By default, App Transport Security limits cipher selection to include only suites that provide forward secrecy, specifically:
Developed in 1987 by Ron Rivest, the RC4 cipher has been a staple of cryptography for almost 30 years. For many years, RC4 was widely used by HTTPS servers: first because it was faster than contemporary alternatives, and later because it was immune to attacks that other ciphers were vulnerable to, such as BEAST.