I found an implementation of a random number generator today, and the comments said it was using the RC4 algorithm, not to encrypt, but just as a source of randomness. I was intrigued.

RC4 is a symmetric stream cipher designed by Ron Rivest at RSA Security in 1987. A key is used to initialize a pseudo-random number generator, and the generator’s output (the keystream) is XOR-ed with the plaintext to produce the ciphertext; XOR-ing the ciphertext with the same keystream recovers the plaintext, so encryption and decryption are the same operation. The strength of the cipher depends on the “strength” of the randomness, that is, on how hard it is to predict the next keystream byte from the bytes already seen. (The name is because it was the fourth Rivest Cipher.)

The algorithm was a trade secret until source code for it was posted anonymously to the Cypherpunks mailing list in 1994. Since then, it has been subjected to a great deal of analysis, some of it quite abstruse.

The analysis shows certain subtle weaknesses in RC4. The first bytes of the keystream are measurably biased (for example, the second output byte is zero about twice as often as it should be), and for related keys the first output bytes leak information about the key, which is what broke WEP. Others have tried to create new, similar algorithms without those weaknesses. For example, Bob Jenkins created ISAAC, a generator built on the same idea of walking a key-initialized table. Until the mathematicians have spent a decade poring over ISAAC output, there’s really no way to know whether it has other, as-yet-unidentified weaknesses.
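To make both of the points above concrete, the paragraph on how the cipher works and the paragraph on its weaknesses, here is an added example: my own implementation of the public RC4 key schedule and generator, not code from the original post. It encrypts and decrypts by XOR-ing with the keystream, and then measures how often a given keystream byte is zero across many keys. The keys for the measurement are derived from a counter with SHA-256 purely so the run is reproducible; that derivation, the sample plaintext, and the function names are my choices, not anything from the page.

```python
"""RC4 as a keystream generator, plus a check for one of its known output biases.

Added example (not from the original post). The algorithm is the public RC4;
the key derivation for the bias measurement and the sample text are constructed.
"""
import hashlib


def rc4_ksa(key: bytes) -> list:
    """Key-scheduling algorithm: permute 0..255 under control of the key."""
    if not 1 <= len(key) <= 256:
        raise ValueError("RC4 key must be 1..256 bytes")
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s


def rc4_keystream(key: bytes, n: int) -> bytes:
    """Pseudo-random generation algorithm: emit n keystream bytes for this key."""
    s = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def rc4_crypt(key: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt: XOR data with the keystream (the same operation both ways)."""
    ks = rc4_keystream(key, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))


def zero_rate(position: int, num_keys: int = 30000) -> float:
    """Fraction of keys whose keystream byte at `position` is 0.

    An unbiased generator gives about 1/256 at every position. RC4 gives about
    2/256 at position 1 (the second byte), the bias Mantin and Shamir described.
    Keys are derived from a counter with SHA-256 (a constructed choice) so the
    measurement is deterministic and repeatable.
    """
    zeros = 0
    for n in range(num_keys):
        key = hashlib.sha256(n.to_bytes(4, "big")).digest()[:16]
        if rc4_keystream(key, position + 1)[position] == 0:
            zeros += 1
    return zeros / num_keys


if __name__ == "__main__":
    # Constructed sample: encrypt, then decrypt with the same call.
    key = b"Secret"
    ct = rc4_crypt(key, b"Attack at dawn")
    print("ciphertext:", ct.hex())
    print("decrypted: ", rc4_crypt(key, ct))
    # Compare the biased second byte with a later, essentially unbiased one.
    print("P[Z_1 == 0] * 256 =", round(zero_rate(1) * 256, 2))
    print("P[Z_16 == 0] * 256 =", round(zero_rate(16) * 256, 2))
```

Running the bias check prints a value near 2 for the second byte and near 1 for byte 16, which is the whole reason "use the first few bytes of RC4 output" is a bad idea, whether for encryption or for a statistical PRNG: an observer who knows the generator is RC4 can predict the second byte better than chance. For encryption, RC4 is no longer acceptable at all (RFC 7465 prohibits it in TLS); the code above is for understanding the construction, not for protecting anything.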

By the way: Bob Jenkins’s web site is full of all sorts of other interesting stuff, including hashing, perpetual motion machines, and jenny, the combinatorial testing tool I mentioned last month.

## Comments

Mark Eichin (9:52 PM on 29 Jun 2004): Any cryptographic function can be used as a PRNG; the trick is that people then try to use that PRNG as keying material, which is "cheating" or rather cryptographically unsound. It's a fine way to get "statistically random" output, where predictability isn't a concern. Also, the leaked RC4 was called "arcfour" for a number of years: "Alleged" RC4 :-)

Holger (8:58 AM on 1 Jul 2004): Using a cipher to generate pseudo-random numbers is actually considered good practice. The X9.17 standard used DES, I believe (it might even allow others; I don't have it handy here).

Damien Katz (4:41 PM on 2 Jul 2004): Abstruse? Maybe that should be your word of the day.