ccryptanalysisrc4-cipher

How to find RC4 key from decrypted and encrypted data?


I have some dump analysis in a documentation showing a bunch of encrypted data, and the resulting decrypted data. The algorithm used is explained (simple RC4). The only piece of information missing is the key used to get from the encrypted to the decrypted data.

I'm writing an automated test from this documentation material. I could chose some key of my own and recreate encrypted data from cleartext, but I wonder if there is any easy cryptanalysis way to find the original key that was used to encrypt the original bunch of data.

A brute force approach is probably possible as the key is quite small, but I'm much more interrested to know if any smarter approach exists.

Below is my current C encryption code (using OpenSSL):

unsigned char source[16] = {
    0xdb, 0xa3, 0x13, 0x30, 0x79, 0xa3, 0xcd, 0x9e,
    0x48, 0xf4, 0x8f, 0x06, 0x37, 0x1b, 0x45, 0xdd};
unsigned char expected_target[16] = {
    0x00, 0x00, 0x06, 0x00, 0x0e, 0x00, 0x00, 0x00,
    0x6d, 0x69, 0x63, 0x72, 0x6f, 0x73, 0x6f, 0x66};
unsigned char target[16] = {};
unsigned char key[16] = {};

RC4_KEY crypt_key;
RC4_set_key(&crypt_key, 16, key);
RC4(&crypt_key, 16, source, target);

printf("key    = [%02x %02x %02x %02x %02x %02x %02x %02x "
               "- %02x %02x %02x %02x %02x %02x %02x %02x]\n",
    key[0], key[1], key[2], key[3],
    key[4], key[5], key[6], key[7],
    key[8],  key[9], key[10], key[11],
    key[12], key[13], key[14], key[15]);

printf("source = [%02x %02x %02x %02x %02x %02x %02x %02x "
               "- %02x %02x %02x %02x %02x %02x %02x %02x]\n",
    source[0], source[1], source[2], source[3],
    source[4], source[5], source[6], source[7],  
    source[8], source[9], source[10], source[11],
    source[12], source[13], source[14], source[15]);

printf("target = [%02x %02x %02x %02x %02x %02x %02x %02x "
               "- %02x %02x %02x %02x %02x %02x %02x %02x]\n",
    target[0], target[1], target[2], target[3],
    target[4], target[5], target[6], target[7],
    target[8], target[9], target[10], target[11],
    target[12], target[13], target[14], target[15]);

printf("expected_target = [%02x %02x %02x %02x %02x %02x %02x %02x "
                        "- %02x %02x %02x %02x %02x %02x %02x %02x]\n",
    expected_target[0], expected_target[1], expected_target[2], expected_target[3],
    expected_target[4], expected_target[5], expected_target[6], expected_target[7],
    expected_target[8], expected_target[9], expected_target[10], expected_target[11],
    expected_target[12], expected_target[13], expected_target[14], expected_target[15]);

Solution

    1. No. There are no efficient RC4-cracking methods known.

    2. You need millions of years to brute-force 128-bit key. You could try to use password lists.