Tools

RC4 Cipher Encrypt and Decrypt Online

RC4 is a symmetric stream cipher. The same key and operation both encrypts and decrypts. Select Text input to encrypt, or Hex / Base64 input to decrypt.

Input

Key

Output Format

Output

Loading RC4 Cipher...

Encrypt or decrypt data using the RC4 (ARC4) stream cipher. RC4 is symmetric - encrypting twice with the same key returns the original data. Supports text, hex, and Base64 formats.

What is RC4-CIPHER?

RC4 (Rivest Cipher 4, also called ARC4 or ARCFOUR) is a stream cipher designed by Ron Rivest in 1987. It generates a pseudo-random keystream from a variable-length key (40 to 2048 bits) and XORs it with the plaintext to produce ciphertext. Because XOR is its own inverse, the same operation with the same key decrypts. RC4 was widely used in WEP, WPA, SSL, TLS, and many software applications before serious vulnerabilities were discovered. RC4 is now deprecated in modern security protocols but remains present in legacy systems, CTF challenges, and malware obfuscation.

Example

Input:

Input: Hello World
Key: secret
Input format: Text

Output:

Output (Hex): d6a3b9c2... (varies by key)

FAQ

Why was RC4 deprecated?
RC4 has several cryptographic weaknesses. The first bytes of its keystream are biased and reveal information about the key. The BEAST, CRIME, and RC4 attacks on TLS demonstrated practical plaintext recovery. RFC 7465 (2015) prohibited RC4 in TLS. WEP and early WPA used RC4 and were both broken. RC4 should not be used in new systems.
Where is RC4 still encountered?
RC4 is found in older TLS configurations, legacy WEP/WPA networks, older Windows authentication protocols (NTLM), older RDP implementations, and malware that uses RC4 for payload obfuscation and command-and-control traffic encryption.
Is RC4 encryption symmetric?
Yes. RC4 generates a keystream and XORs it with data. Encrypting twice with the same key returns the original plaintext. This tool uses the same button for both operations - just enter the ciphertext as input to decrypt.
How is RC4 used in CTF challenges?
CTF challenges often use RC4 to obfuscate strings, flags, or code. Clues include hex-encoded blobs with a corresponding key string in the challenge description or binary. Paste the hex ciphertext, enter the key, and select Text as the output format to recover the flag.