RC4 Key Dependency

Overview

Click on the above image to start and stop the simulation. This applet generates many random key pairs for RC4. The two keys are then each used to generate a stream of 256 bytes, and the two streams are subtracted. The statistics for the resulting list of differences are then stored and averaged over many runs.

In the upper-left corner, the two keys are random and independent. The 256 differences are listed from left to right, wrapping around to fill 16 rows. It is clear that it is slightly nonuniform, meaning that there is a slight correllation between the streams, especially at the beginning.

The upper-right shows pairs of keys where the first 8 bytes are the same. Note that the first 8 bytes of the resulting stream has a strong correlation (a low expected difference). This shows that there is a very strong relationship of the first N bytes of the RC4 stream on the first N bytes of the key. This is a known flaw in the algorithm, and it is usually addressed by discarding the first 256 bytes of the stream.

The two images on the bottom are identical to the top, except they show the NEXT 256 bytes of stream after the first 256 bytes have been discarded. Note that they look far more uniform, and show almost no relationship to the first few bytes of the key. This shows that the standard fix works well. However, not that the graph on the right is scaled to show very subtle differences that aren't immediately apparent in the color coding. So even with the standard fix, there are slight imperfections in the key stream distribution.