PackageDescription: ARC4
ARC 4Last published: April 2, 2008 by 'kgreek'
Defines 1 Classes
Extends 1 Classes
Here's a very fitting description from Python's mxCrypto library by A.M. Kuchling (http://www.amk.ca/python/writing/pycrypt/node9.html):
"ARC4 is short for 'Alleged RC4'. The real RC4 algorithm is proprietary to RSA Data Security Inc. In September of 1994, someone posted C code to both the Cypherpunks mailing list and to the Usenet newsgroup sci.crypt, claiming that it implemented the RC4 algorithm. This posted code is what I'm calling Alleged RC4, or ARC4 for short. I don't know if ARC4 is in fact RC4, but ARC4 has been subjected to scrutiny on the Cypherpunks mailing list and elsewhere, and does not seem to be easily breakable. The legal issues surrounding the use of ARC4 are unclear, but be aware that it hasn't been subject to much scrutiny, and may have some critical flaw that hasn't yet been discovered"
Same applies to this implementation. Given these legal issues it might be worth to consider avoiding this particular algorithm, however this is one of the few algorithms in the SSL suite that doesn't use insecure limited size keys (up to 56 bits). Moreover thanks to its speed (several times faster than the block ciphers in the SSL suite) it is heavily used in secure web communications making it quite important for an SSL implementation.
To apply the algorithm create an instance of ARC4 with the #key: instance creation method. The argument is the secret key which is expected to be a ByteArray of size up to 256 bytes (anything above that mark will be ignored). ARC4 is a stream cipher so an initialized ARC4 instance can be used to both encrypt and decrypt arbitrary chunks of byte data (see protocol 'services').