In message <[EMAIL PROTECTED]>, Chris
Duffy writes:
>I was searching around and chanced upon your list. I am trying to compare
>RC4 vs RC5 encryption. Can someone fill me in on the
>advantages/disadvantages of these two? Thanks,
They're not related.
RC4 is a stream cipher. It's very fast per byte; key setup is roughly
equivalent to encrypting 256 bytes. As with all "generate a key stream
and XOR with the data" ciphers, you have to be very careful to avoid
reusing the same key stream. Also, in the absence of a
cryptographically strong integrity check mechanism, it is possible for
an attacker to introduce predictable changes in the eventual plaintext.
RC4 is very widely used, with TLS.
RC5 is a block cipher, and is used with the same modes of operation as
other block ciphers. RC5 is not widely used.
In the legal arena, RC4 is a trademark; the non-RSA implementations are
sometimes referred to as "ARC4". There's a long story about the
original appearance of the code on the net, but I won't go into it now.
RC5 is protected by patents.
To forestall the next question, RC6 is also a block cipher, using some
of the same design principles as RC5. RC6 is one of the five AES
finalists. If it is selected as the winner, the owner has agreed to
(in effect) waive its patent rights for use in AES. If it isn't
selected -- well, I don't believe there are any guarantees on that.
--Steve Bellovin
