RC4 Encryption Algorithm for VBA and VBScript

**shippwreck** · Sep 21 '15, 01:09 PM

Hi,

I have been looking at your RC4 example above and believe that I have it working. For example to encrypt the string "Test" with the key "Key" (both without quotes) it returns:

9F2C10F8

This will decrypt fine within the tool as well (as will any other data I throw into it) however when I try and validate the work against an independent implementation of RC4 on the internet, such as http://rc4.online-domain-tools.com/ it returns:

t³gy

Now, I'll be the first to admit that I know very little about encryption, so i'm asuming that I am missing something very obvious here?

The purpose of this is to provide encryption to CSV files. They are created by Excel and sent to an Oracle DB that will need to decrypt them and load the files, however I don't want to suggest a solution to the Oracle Devs before I understand how I am going to implement it myself ;-)

Thanks

**Rabbit** · Sep 21 '15, 05:33 PM

The first output you have is in hexadecimal format. The second output you have there is in ASCII format. However, they're not going to match up anyways because my implementation drops the first 3072 bytes of the key stream for additional security.

**shippwreck** · Sep 21 '15, 09:04 PM

Sorry, I meant that when I encrypt the string with the VBA it returns the Hex above, but when I put that Hex output through a different decrypting tool it returns the ASCII which is obviously not the original message, anyway...

What you're saying is that because your implementation drops the first 3072 bytes for added security it wont produce the same output as the site I mentioned. What would I need to do to replicate the sites output. I tried simply swapping the 3 instances of 3072 for 0 and 768 (as you mentioned that in the text above) but I'm clearly missing something key as I still do not get the same results.

The reason I'm asking isn't because I actually want to implement a less secure version, but I know that the first thing the Oracle Devs will do is pass test outputs through an online tool to validate the solution and if I can't match up a baseline, then there'll be no chance of implementing your more secure version.

Thanks for your help!

**Rabbit** · Sep 21 '15, 09:32 PM

Comment out lines 23-29 in the code block above.

It validates fine with the link you posted. I just checked it.

**shippwreck** · Sep 21 '15, 10:37 PM

hmmm, thanks for getting back so quick, I'm still however not able to validate it. So that you know I'm using Excel 2013 on Windows 10. I have created a new blank spreadsheet, pasted the code in the article (not from the attached sheet) into the code module for Sheet1 and commented out the lines you mentioned. I have then added a quick sub with one line, Debug.Print RunRC4("test", "Key"). It outputs:

_J€R

This is different to the site (9F FA 04 F5). Are you running the code in Excel as well? I was wondering if this was an instance of VBA badly interpreting characters somewhere along the line. To double check this I pulled the input from the last line to chr() and got:

95, 74, 128, 82 or 5F 4A 80 52

**ADezii** · Sep 22 '15, 01:31 PM

For what it is worth, here is a Demo that I use for 2 Versions of RC4. To the best of my knkowledge, I based this Demo on Rabitt's Posts regarding this Thread.

Attached Files

RC4.zip (22.2 KB, 413 views)

**shippwreck** · Sep 22 '15, 03:36 PM

Thanks, I took a look and at the heart of it, your RC4 is (as you say) based on Rabbit's and produces the same results that I see in my version... which as far as I can work out is different to others on the internet???

For the record, I don't think that Rabbit's code is wrong, if there was an error in it, i'm sure it would have been spotted in the nearly 5 years since it was created ;-) I am assuming that I must be mis-interpreting the output somewhere along the line... I just can't seem to work out where!

So that you can all see what i'm working with, here is the excel file (saved as 2003 xls format) that I have been working on to share with the DB guys. (It doesn't have any error handling in it, so for instance if you click to decrypt a file and the file doesn't exist you will get a nasty VBA error... sorry!)

For the record the output that I get for "Test" with the key "Key" (and dropping 0 bytes of the keystream) is 7F4A8052 where as I believe the correct output is BFFA04F5.

Anyhelp is much appreciated!

**Rabbit** · Sep 22 '15, 05:48 PM

I was using a vbs file to test the values. And when I went to compare the code with the code in this thread, I discovered a discrepancy. I must have discovered the flaw in the code a while back but forgot to post an update to this thread. I have updated the code above. Anyone using this code should update their code as well. Sorry for all the confusion.

**shippwreck** · Sep 22 '15, 07:04 PM

Ah, well at least we have got to the bottom of it!

I have added a new version of the Excel tool that I built around your code.

Thanks very much for all your work on this it will really help me out!!!

Attached Files

Encrypt-Decrypt.xls (74.5 KB, 917 views)

**NeoPa** · Sep 23 '15, 01:07 AM

Good work ShippWreck, and delicately handled ;-)

@Rabbit.
Can you give details of the change(s) so that I can update my code and post a replacement attachment?

**Rabbit** · Sep 23 '15, 04:10 PM

Glad you got everything working for you and thanks for helping to discover that the code in the thread was outdated!

@NeoPa, references to Mod 255 were changed to Mod 256.

**Rabbit** · Sep 23 '15, 04:31 PM

A note on the base RC4 algorithm. It's considered very insecure. It's one of the reasons why WEP is no longer recommended for wifi security. It can be broken with a few minutes of data from scanning the encrypted wifi packets. At the very least, you should drop the first few thousand bytes of the keystream. There are also variations on the RC4 algorithm that may be slightly more secure.

And the next piece of advice is for all encryption algorithms, you should incorporate a "salt" or "initializa tion vector" into the algorithm. What this is, is a known value that is used to change the key so that multiple encryptions of the same value with the same key result in different encrypted outputs.

**NeoPa** · Sep 25 '15, 01:24 PM

Right. I've quickly updated that now so that it should show the correct hex value. If someone could run a quick eye over it to confirm it does what it should then I'll add it to the OP (replacing the original).

Attached Files

RC4.Zip (12.1 KB, 3726 views)

**Rabbit** · Sep 25 '15, 04:27 PM

Looks, good. Thanks NeoPa

**NeoPa** · Sep 25 '15, 04:52 PM

Cheers Rabbit. OP updated.