You want to use RC4 securely.

You can’t be very confident about the security of RC4 for general-purpose use, owing to theoretical weaknesses. However, if you’re willing to use only a very few RC4 outputs (a limit of about 100,000 bytes of output), you can take a risk, as long as you properly set it up.

Before using the standard initialization functions provided by your cryptographic library, take one of the following two steps:

After initialization, RC4 is used just as any block cipher in a streaming mode is used.

Most libraries implement RC4, but it is so simple that we provide an implementation in the following section.

RC4 is a simple cipher that is really easy to use once you have it set up securely, which is actually difficult to do! Due to this key-setup problem, RC4’s theoretical weaknesses, and the availability of faster solutions that look more secure, we recommend you just not use RC4. If you’re looking for a very fast solution, we recommend SNOW 2.0.

In this recipe, we’ll start off ignoring the RC4 key-setup problem. We’ll show you how to use RC4 properly, giving a complete implementation. Then, after all that, we’ll discuss how to set it up securely.