Crypto.Cipher.ARC4, bust or me doing something wrong?

Michael J. Fromberger Michael.J.Fromberger at Clothing.Dartmouth.EDU
Wed Sep 21 00:33:50 CEST 2005

In article <dgpbuu$8eb$1 at>,
 Michael Sparks <michaels at> wrote:

> Hi,
> I suspect this is a bug with AMK's Crypto package from
> , but want to
> check to see if I'm being dumb before posting a bug
> report.
> I'm looking at using this library and to familiarise myself writing
> small tests with each of the ciphers. When I hit Crypto.Cipher.ARC4 I've
> found that I can't get it to decode what it encodes. This might be a
> case of PEBKAC, but I'm trying the following:
> >>> from Crypto.Cipher import ARC4 as cipher
> >>> key = "........"
> >>> obj =
> >>> obj.encrypt("This is some random text")
> ')f\xd4\xf6\xa6Lm\x9a%}\x8a\x95\x8ef\x00\xd6:\x12\x00!\xf3k\xafX'
> >>> X=_
> >>> X
> ')f\xd4\xf6\xa6Lm\x9a%}\x8a\x95\x8ef\x00\xd6:\x12\x00!\xf3k\xafX'
> >>> obj.decrypt(X)
> '\x87\xe1\x83\xc1\x93\xdb\xed\x93U\xe4_\x92}\x9f\xdb\x84Y\xa3\xd4b\x9eHu~'
> Clearly this decode doesn't match the encode. Me being dumb or bug?
> Any comments welcome :)


Since ARC4 is a stream cipher, the keystream changes over time -- with 
ARC4, after each character enciphered.  To decrypt successfully, you 
need to make sure the decrypting keystream exactly matches the 
encrypting one.  

In your example, you used a different keystream to decrypt than you used 
to encrypt -- in this case, a little further downstream of the original 
encryption key.

Contrast your experience above with the following transcript:

>>> from Crypto.Cipher import ARC4 as cipher
>>> enc ="abcdefgh")
>>> dec ="abcdefgh")
>>> x = enc.encrypt("This is some random text")
>>> x
>>> y = dec.decrypt(x)
>>> y
'This is some random text'
>>> enc.decrypt(x)

I hope this helps clear up your confusion.


Michael J. Fromberger             | Lecturer, Dept. of Computer Science  | Dartmouth College, Hanover, NH, USA

More information about the Python-list mailing list