"RC4" as used herein, is used to identify an apparently reverse-engineered algorithm recently posted to sci.crypt that claimed it was compatible with the RC4 sold by RSA Data Security, Inc. (RSADSI) and/or Public Key Partners (PKP). Although the reaction of RSADSI and the press indicates that the two algorithms are the same, I could have missed something.

I suggest that someone apply for expedited export permission for some small piece of software that uses the "apparent reverse-engineered RC4". Tell them that you want to export crypto software containing RC4 on the 7-day plan. The State Department will send you a set of test-vectors which you can use to prove that you're really using the real RC4. If you pass, and are given export permission, then I guess the rev-eng version is the real thing. Be sure your keys are 40 bits or less (only for purposes of the test export; I don't recommend short keys for any other purpose). Full bureaucratic details are at ftp://ftp.cygnus.com/pub/export/cjr.kit. Search for "test vector". This info is also reachable from my Web page on crypto export, http://www.cygnus.com/~gnu/export.html. Please email me a full copy of any CJ that you submit, so I can add it to the Web page (along with the eventual response from the gov't). John Gilmore