|(cryptography)||RC4 - A cipher designed by RSA Data Security, Inc. which can accept keys of arbitrary length, and is
essentially a pseudo random number generator with the output
of the generator being XORed with the data stream to produce
the encrypted data. For this reason, it is very important
that the same RC4 key never be used to encrypt two different
data streams. The encryption mechanism used to be a trade
secret, until someone posted source code for an algorithm
onto Usenet News, claiming it to be equivalent to RC4. The
algorithm is very fast, its security is unknown, but breaking
it does not seem trivial either. There is very strong
evidence that the posted algorithm is indeed equivalent to
The United States government routinely approves RC4 with 40-bit keys for export. Keys this small can be easily broken by governments, criminals, and amateurs. The exportable version of Netscape's Secure Socket Layer, which uses RC4-40, was broken by at least two independent groups. Breaking it took about eight days; in many universities or companies the same computing power is available to any computer science student.
See also Damien Doligez's SSL cracking page, RC4 Source and Information, SSLeay, Crypto++, Ssh, A collection of articles.