2001 | Scott Fluhrer, Itsik Mantin, and Adi Shamir
This paper presents several weaknesses in the key scheduling algorithm (KSA) of RC4, highlighting its cryptographic vulnerabilities. The authors identify a large number of weak keys where a small number of key bits can determine many state and output bits with non-negligible probability. These weak keys are used to construct new distinguishers for RC4 and to mount related key attacks with practical complexities. The paper also shows that RC4 is completely insecure in a common mode of operation used in the WEP protocol, where a fixed secret key is concatenated with known IV modifiers to encrypt different messages. A new passive ciphertext-only attack on this mode can recover an arbitrarily long key in negligible time, growing linearly with its size.
The paper analyzes the KSA and identifies two significant weaknesses: the invariance weakness and the IV weakness. The invariance weakness is a property of the KSA where certain patterns in the key are preserved in the initial permutation. The IV weakness is a related key vulnerability where part of the key is exposed to the attacker, allowing the attacker to rederive the secret part by analyzing the initial word of the keystreams. These weaknesses are used to construct practical attacks on RC4, including a related key attack that can recover the secret key with a complexity of O(2^{n+ℓ}).
The paper also discusses the implications of these weaknesses for the security of RC4, showing that it is vulnerable to attacks in common modes of operation, such as WEP. The authors recommend neutralizing these weaknesses by discarding the first N words of each generated stream or by avoiding the mode of operation where attacker-visible IVs are concatenated with a fixed secret key. The paper concludes that RC4 is completely insecure and that its use should be avoided in cryptographic applications.
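To make the objects in this summary concrete, here is an added Python example (not code from the paper or its authors) implementing RC4's KSA and PRGA, the WEP-style key layout (public IV concatenated with a fixed secret) that the paper attacks, and the RC4-drop[N] mitigation the authors recommend. Function names are my own; the choice N = 256 assumes byte-oriented RC4, where the permutation has 256 entries.

```python
# Added example: RC4 KSA/PRGA, WEP-style IV||secret keys, and RC4-drop[N].
# Names (rc4_ksa, rc4_keystream, rc4_crypt, wep_first_words) are assumptions
# made for this illustration, not identifiers from the paper.

def rc4_ksa(key: bytes) -> list:
    """Key scheduling algorithm: derive the initial permutation S from the key.
    The paper's weaknesses live here: key patterns and the public IV prefix
    shape S in ways that leak into the first keystream words."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    return S

def rc4_keystream(key: bytes, n: int, drop: int = 0) -> bytes:
    """PRGA: return n keystream bytes after discarding the first `drop` bytes.
    drop=0 is plain RC4; drop=256 is RC4-drop[256], the recommended mitigation."""
    S = rc4_ksa(key)
    i = j = 0
    out = bytearray()
    for k in range(drop + n):
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        z = S[(S[i] + S[j]) & 0xFF]
        if k >= drop:          # only emit bytes past the discarded prefix
            out.append(z)
    return bytes(out)

def rc4_crypt(key: bytes, data: bytes, drop: int = 0) -> bytes:
    """XOR data with the (optionally prefix-dropped) keystream; symmetric."""
    ks = rc4_keystream(key, len(data), drop)
    return bytes(a ^ b for a, b in zip(data, ks))

def wep_first_words(secret: bytes, ivs, drop: int = 0) -> dict:
    """WEP mode of operation: per-packet key is IV || secret. Returns the first
    keystream byte for each IV. With drop=0 this is the 'initial word' the
    paper analyzes; with drop=256 the first emitted byte is no longer the
    KSA-adjacent word, which is why the authors recommend discarding the prefix."""
    return {iv: rc4_keystream(iv + secret, 1, drop)[0] for iv in ivs}

if __name__ == "__main__":
    # Constructed sample values, not from any real deployment.
    secret = bytes.fromhex("0102030405")
    ivs = [bytes([3, 255, x]) for x in range(4)]
    print(wep_first_words(secret, ivs))
    print(wep_first_words(secret, ivs, drop=256))
```

The standard RC4 test vector (key "Key", plaintext "Plaintext") checks the core implementation; the drop parameter changes only where the emitted stream starts, not the generator itself.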