RC2 is a variable-key-size symmetric block cipher and can serve as a
drop-in replacement for DES, for example in export versions of products
otherwise using DES. RC2 can be used in the same modes as DES (see Question
3.5.3), including triple encryption. RC2 is approximately twice
as fast as DES, at least in software. RC4 is a variable-key-size symmetric
stream cipher and is 10 or more times as fast as DES in software. Both RC2
and RC4 are very compact in terms of code size.
An agreement between the Software Publishers Association (SPA) and the U.S. government gives RC2 and RC4 special status by means of which the export approval process is simpler and quicker than the usual cryptographic export process. However, to qualify for quick export approval a product must limit the RC2 and RC4 key sizes to 40 bits; 56 bits is allowed for foreign subsidiaries and overseas offices of U.S. companies. An additional 40-bit string, called a salt, can be used to thwart attackers who try to precompute a large look-up table of possible encryptions. The salt is appended to the encryption key, and this lengthened key is used to encrypt the message; the salt is then sent, unencrypted, with the message. RC2 and RC4 have been widely used by developers who want to export their products; DES is almost never approved for export. RC2 and RC4 are proprietary algorithms of RSA Data Security, Inc.; details have not been published.