What is RC4?
RC4 is a fast symmetric stream cipher designed by Ron Rivest in 1987. It turns a variable-length key into a pseudo-random keystream and XORs that keystream with your data. RC4 was once widely used in SSL/TLS and WEP, but it has serious statistical biases and is now considered broken — it is banned in TLS. Use RC4 only for legacy compatibility or learning; for security choose AES or ChaCha20. Runs in your browser.
Broken cipher: RC4 has known biases and is prohibited in TLS. Use AES instead. Runs locally in your browser.
How RC4 works
RC4 is a stream cipher built from a 256-byte state:
- Key scheduling (KSA) — the key initializes and shuffles a 256-byte permutation state.
- Keystream (PRGA) — the state produces a pseudo-random byte stream.
- XOR — each plaintext byte is XORed with a keystream byte to produce the ciphertext.
Because XOR is symmetric, the same operation encrypts and decrypts.
How to use
- Enter the text you want to encrypt.
- Provide a key (and IV/mode settings where required).
- The encrypted output is produced in your browser.
- Share the ciphertext; share the key only through a safe channel.
Options explained
- Key / passphrase — Provide the secret key used to seed the keystream.
- Encoding — Choose how input is read and how output is shown (Hex, Base64).
Common uses
- Interoperating with legacy systems that used RC4.
- Reading old WEP/SSL data in controlled settings.
- Learning how stream ciphers work.
Frequently asked questions
Is RC4 secure?
No. RC4 has exploitable biases and is banned in TLS. Use AES or ChaCha20.
Why is encrypt the same as decrypt?
RC4 XORs data with a keystream, and XOR is its own inverse, so the same operation reverses it.
How do I decrypt RC4?
Use the RC4 Decryption tool with the same key.