Cryptographic weakness due to RC4 cipher usage in PyCryptodome

High Risk Cryptographic Vulnerabilities
Tags: python, cryptography, pycryptodome, stream-cipher, rc4, plaintext-recovery

What it is

The RC4 stream cipher is cryptographically broken and vulnerable to multiple attacks. RC4 has known biases in its keystream that allow attackers to recover plaintext and provides no built-in authentication, making it susceptible to tampering. Using RC4 exposes applications to plaintext recovery and data manipulation attacks.

from Crypto.Cipher import ARC4
from Crypto.Random import get_random_bytes

# VULNERABLE: Using broken RC4/ARC4 cipher
def encrypt_data(data, key):
    cipher = ARC4.new(key)
    ciphertext = cipher.encrypt(data.encode())
    return ciphertext

def decrypt_data(ciphertext, key):
    cipher = ARC4.new(key)
    plaintext = cipher.decrypt(ciphertext)
    return plaintext.decode()

# Usage
key = get_random_bytes(16)
encrypted = encrypt_data("sensitive data", key)
decrypted = decrypt_data(encrypted, key)

from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes

# SECURE: Using AES-GCM authenticated encryption
def encrypt_data(data, key):
    nonce = get_random_bytes(12)
    cipher = AES.new(key, AES.MODE_GCM, nonce=nonce)
    ciphertext, auth_tag = cipher.encrypt_and_digest(data.encode())
    return {'nonce': nonce, 'ciphertext': ciphertext, 'auth_tag': auth_tag}

def decrypt_data(encrypted_data, key):
    cipher = AES.new(key, AES.MODE_GCM, nonce=encrypted_data['nonce'])
    plaintext = cipher.decrypt_and_verify(
        encrypted_data['ciphertext'],
        encrypted_data['auth_tag']
    )
    return plaintext.decode()

# Usage
key = get_random_bytes(32)
encrypted = encrypt_data("sensitive data", key)
decrypted = decrypt_data(encrypted, key)

Why This Fix Works

The vulnerable code uses RC4/ARC4, a broken stream cipher with statistical biases that allow plaintext recovery. The fixed version uses AES-GCM which provides both confidentiality and authentication, protecting against tampering.

Why it happens

The code uses RC4 directly: from Crypto.Cipher import ARC4; cipher = ARC4.new(key). RC4 is cryptographically broken. Biases in its keystream enable practical attacks, and the WEP and WPA-TKIP vulnerabilities were based on RC4. Its output can be distinguished from random with 2^24-2^26 bytes of keystream. The IETF deprecated RC4 in RFC 7465, and it is forbidden in TLS.
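To make the "biases in its keystream" concrete, here is an added example (not from the original page) with a pure-Python RC4 keystream generator: over many keys, the second keystream byte is 0x00 about twice as often as the 1/256 an unbiased stream would give (the Mantin-Shamir bias). The keys are constructed from a seeded RNG so the run is reproducible.

```python
import random

def rc4_keystream(key, length):
    """Textbook RC4: key scheduling (KSA) followed by output generation (PRGA).
    Implemented here only to study the cipher's output; never use RC4 in production."""
    s = list(range(256))
    j = 0
    for i in range(256):                        # KSA: key-dependent permutation of 0..255
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                     # PRGA: one keystream byte per step
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def rc4_crypt(key, data):
    """Encryption and decryption are the same XOR with the keystream,
    which is also why a modified ciphertext decrypts without any error."""
    return bytes(a ^ b for a, b in zip(data, rc4_keystream(key, len(data))))

def second_byte_zero_ratio(num_keys, seed=1):
    """Fraction of constructed random keys whose second keystream byte is 0x00,
    divided by the 1/256 expected from an unbiased stream. RC4 gives about 2.0."""
    rng = random.Random(seed)                   # deterministic, constructed keys
    zeros = 0
    for _ in range(num_keys):
        key = bytes(rng.getrandbits(8) for _ in range(16))
        if rc4_keystream(key, 2)[1] == 0:
            zeros += 1
    return (zeros / num_keys) / (1 / 256)

if __name__ == "__main__":
    print("observed / expected P[second keystream byte == 0]:",
          round(second_byte_zero_ratio(30000), 2))
```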

Root causes

Using RC4 (ARC4) Cipher from PyCryptodome

The application imports ARC4 from PyCryptodome and encrypts with ARC4.new(key). RC4 is cryptographically broken: keystream biases enable practical attacks (the WEP and WPA-TKIP breaks are based on them), and RC4 output is distinguishable from random with 2^24-2^26 bytes. RFC 7465 deprecates RC4 and forbids it in TLS.

Legacy WEP or WPA-TKIP Wireless Encryption

Wireless systems still running RC4-based protocols. WEP is completely broken and WPA-TKIP is deprecated; key recovery attacks are practical, and Aircrack-ng and similar tools crack them in minutes. Modern wireless should use WPA3 or WPA2-AES. RC4 in wireless networks is completely insecure.

Using RC4 for Stream Cipher Requirements

Choosing RC4 as a general-purpose stream cipher for its perceived simplicity and speed, without understanding its weaknesses. RC4 was the historical choice for a software stream cipher, but alternatives such as ChaCha20 are better in every respect, and modern applications should never use RC4.

RC4 in Legacy SSL/TLS Implementations

Old TLS configurations that still enable RC4 cipher suites such as TLS_RSA_WITH_RC4_128_SHA. Browsers and servers have deprecated RC4; it lingered partly because it was historically used as a BEAST mitigation. TLS 1.3 removes RC4 completely, but legacy TLS 1.0/1.1 systems may still negotiate it.

Using RC4 Based on Outdated Performance Benchmarks

Believing RC4 is the fast option for software encryption. It historically had a performance advantage over DES/3DES, but modern CPUs with AES-NI make AES faster, and ChaCha20 offers comparable speed without RC4's vulnerabilities. The performance justification is obsolete on modern hardware with modern ciphers.

Fixes

1. Replace RC4 with AES-256-GCM for Encryption

Use AES-GCM: from Crypto.Cipher import AES; cipher = AES.new(key, AES.MODE_GCM). AES-GCM is modern authenticated encryption, hardware accelerated, secure and fast; AES-256-GCM is the industry standard for encryption. There is no reason to use RC4 when AES is available.

2. Use ChaCha20-Poly1305 for Stream Cipher Applications

Use a modern authenticated stream cipher: from cryptography.hazmat.primitives.ciphers.aead import ChaCha20Poly1305; cipher = ChaCha20Poly1305(key); ciphertext = cipher.encrypt(nonce, plaintext, None). It is fast in software, has a sound design, and is adopted by Google and TLS 1.3. It is better than RC4 for every stream cipher need.

3. Upgrade Wireless Networks to WPA3 or WPA2-AES

Replace WEP and WPA-TKIP immediately: configure WPA3-SAE or WPA2-AES (CCMP), which uses AES-128-CCM for wireless encryption. Disable WEP and TKIP in the access point configuration and update client devices. WPA3 additionally provides forward secrecy. Modern wireless security is essential.

4. Disable RC4 in TLS/SSL Configuration

Exclude RC4 from the cipher suites in both server and client TLS configuration: import ssl; context = ssl.create_default_context(); context.set_ciphers('HIGH:!RC4:!aNULL:!eNULL'). Require TLS 1.2 as the minimum version: context.minimum_version = ssl.TLSVersion.TLSv1_2. Modern TLS removes RC4 completely.
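An added example (not from the original page) that turns this fix into a check a reviewer can run: it builds the context exactly as described, lists the suites it would actually offer, and flags RC4, NULL-cipher and export-grade suites by name. The LEGACY_SUITES list is constructed sample data for the review helper; TLS_RSA_WITH_RC4_128_SHA is the suite named in the text.

```python
import ssl

# Cipher string and minimum version from the fix above.
RC4_FREE_CIPHERS = 'HIGH:!RC4:!aNULL:!eNULL'

# Constructed sample of a legacy server's configured suites (IANA names).
LEGACY_SUITES = [
    'TLS_RSA_WITH_RC4_128_SHA',                 # the RC4 suite named in the text
    'TLS_RSA_WITH_RC4_128_MD5',
    'TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256',    # acceptable
    'TLS_RSA_WITH_NULL_SHA',                    # no encryption at all
]

def make_tls_context():
    """Client context that never negotiates RC4 or any protocol below TLS 1.2."""
    context = ssl.create_default_context()
    context.set_ciphers(RC4_FREE_CIPHERS)
    context.minimum_version = ssl.TLSVersion.TLSv1_2
    return context

def enabled_cipher_names(context):
    """OpenSSL names of every suite the context is willing to offer."""
    return [c['name'] for c in context.get_ciphers()]

def weak_suites(names):
    """Return the suites a policy review should reject. Works on both OpenSSL
    names (RC4-SHA, EXP-RC4-MD5) and IANA names (TLS_RSA_WITH_RC4_128_SHA)."""
    markers = ('RC4', 'NULL', 'EXPORT', 'EXP-')
    return [n for n in names if any(m in n.upper() for m in markers)]

def context_is_rc4_free(context):
    """True when no weak suite is enabled and TLS 1.2 is the floor."""
    return (not weak_suites(enabled_cipher_names(context))
            and context.minimum_version >= ssl.TLSVersion.TLSv1_2)

if __name__ == "__main__":
    print("weak suites in legacy config:", weak_suites(LEGACY_SUITES))
    print("hardened context is RC4-free:", context_is_rc4_free(make_tls_context()))
```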

5. Scan Infrastructure for RC4 Usage and Eliminate It

Find RC4 in code: grep -r 'ARC4\|RC4' --include="*.py". Scan the network for services offering RC4 cipher suites: nmap --script ssl-enum-ciphers. Query databases for RC4 configuration. Audit completely and remove every instance; zero tolerance for RC4.

6. Implement a Cryptographic Algorithm Policy

Document the approved algorithms in a policy listing AES-256-GCM and ChaCha20-Poly1305, with an explicit RC4 prohibition. Require security review for all cryptographic code, run static analysis that checks for weak ciphers, and add CI/CD gates that block deprecated algorithms. Organizational standards keep weak cryptography out of production.

Detect This Vulnerability in Your Code

Sourcery automatically identifies cryptographic weakness due to RC4 cipher usage in PyCryptodome, along with many other security issues in your codebase.