What are the RC4, RC5, and RC6 algorithms?

Anton P. | September 21, 2023

RC1, RC2, RC4, RC5, and RC6 are RC algorithms categorized as symmetric-key encryption methods. Each RC algorithm differs, and various use cases exist for their application. However, while six encryption algorithms exist, only four became potential candidates for securing data. 

Let’s see how each RC algorithm works, their use cases, and which are suitable for modern encryption. 

Learn about RC4, RC5, and RC6 encryption.

Explaining RC algorithms: RC1, RC2, RC3, RC4, RC5, and RC6

RC stands for Rivest Cipher, from the creator of these encryption algorithms, Ron Rivest. More informally, RC can mean Ron’s Code, too. All versions of RC belong to the symmetric encryption family. 

However, while they carry similar names, their operation is mostly unrelated. They do share specific attributes, like most of them being block ciphers. But, for instance, RC4 is a stream cipher, and its encryption process differs significantly from other RC algorithms. 

The truth behind RC1, RC2, and RC3

RC1, RC2, and RC3 algorithms share some unfortunate history. In many cases, the algorithm never saw the light of day. In other cases, external factors interfered with its broader application. Thus, let’s discuss the fate of some of the RC algorithms. 

Note: we write on RC1, RC2, and RC3 for legacy purposes and to reveal how RC algorithms developed.

Private Christmas & a safe New Year!



RC1 represents the beginning of RC algorithms. However, Rivest never published the algorithm. The RC1 served as the basis for other RC symmetric-key algorithms. 


RC2 was a block cipher that should have become an alternative for the DES (Data Encryption Standard) algorithm. Developed in 1987, it used variable length keys ranging between 1 to 128 bytes. 

Many experts and organizations treated RC2 as a secure option in cryptography. However, RC2 was a secret algorithm, meaning the digital communities did not know it existed. Everything shifted in 1996 when the source code for RC2 surfaced on Usenet. Thus, the algorithm saw its official release only in 1998. 


RC3 was also a short-lived algorithm. Experts broke RC3 during its development. Hence, RC3 never completely made its way into the mainstream.  

Why are RC4, RC5, and RC6 the most well-known algorithms? 

The first three versions of RC algorithms lacked practical implementations. Nonetheless, RC4, RC5, and RC6 proved to be more successful. Many have accepted these, with RC6 competing against AES (Advanced Encryption Standard).   

RC4 (ARC4 or ARCFOUR, meaning Alleged RC4)

RC4 is a stream cipher, which was also a secret until its code leaked in the Cypherpunks mailing list. Its most attractive characteristics include its relatively simple application and speed. 

So, RC4 became a part of noteworthy procedures like SSL and TLS protocol and WEP wireless security standards. It also is a pseudo-random generation algorithm for a pseudo-random stream of bits. 

RC4 employs the key-scheduling algorithm and is quite efficient in its memory use. For instance, it uses 256 bytes of memory for the state array and needs only byte manipulations overall. 

  • However, vulnerabilities began clouding the implementation of RC4. Rumors also indicated that some cryptologic agencies might be able to break RC4 security in TLS. So, most recommendations are against using RC4 for TLS. 
  • RC4 has other vulnerabilities, making this algorithm insecure. One instance shows that if RC4 were to generate the keystream of output and not discard its beginning. 
  • RC4, like many stream ciphers, might also be vulnerable to a bit-flipping attack. It means attackers manipulate the ciphertext to predict the potential change in the plaintext. 
  • You can also find updated redesigns of RC4. Spritz is one attempt, but it is slower than other cryptographic hash functions.  


RC5 is a symmetric algorithm encrypting data in varied block sizes (32, 64, or 128 bits). In fact, it uses a variable number of rounds, word sizes, and keys. RC5 encryption has the potential to have practical applications. 

It is a fast algorithm suitable for many hardware or software solutions. However, the security RC5 encrypted text rests on the variables chosen. 

For instance, the key used must be long, and experts require 18-20 rounds. If chosen variables are lacking, the protection is weaker. 


RC6 is a symmetric block cipher and a successor to RC5. Its purpose was to fulfill the requirements for the AES competition. It encrypts data in blocks of 128 bits. 

The key sizes of RC6 can differ: 128, 192, and 256 bits (up to 2040 bits). Similar to RC5, this algorithm also supports a variety of key lengths, rounds, and word sizes. 

Security of RC algorithms 

Each RC algorithm offers different levels of security. For instance, RC4 is vulnerable, so experts discourage its usage. However, it is still possible to find its applications in the wild. 

RC5 can be secure if the providers choose appropriate variables for key sizes and rounds. For instance, short key lengths are in danger of brute-forced attacks. 

RC6 seems like the most secure and flexible algorithm out of all RC methods. Its patents expired between 2015 and 2017. So, providers from various industries can use RC6 more freely. 

Encryption world and growing computing power 

Many encryption algorithms become weaker because of the increasing computing power. Thus, strategies that were solid at their release might struggle to cope with the current potential for brute-force attacks. 

Thus, when relying on a particular encryption algorithm, opting for the most secure option is best. For instance, there are better options than picking the shortest key lengths available with RC6. Instead, choose long key sizes that are far more difficult to compromise. 

The same principle applies to other encryption algorithms. Atlas VPN, for example, works with AES-256, the most secure key length available. We also pay close attention to any changes in the cryptographic world to offer the utmost security.

Anton P.

Anton P.

Former chef and the head of Atlas VPN blog team. He's an experienced cybersecurity expert with a background of technical content writing.


encryptiondata security

© 2023 Atlas VPN. All rights reserved.