RC2 and RC4 are both public key systems -- then why wouldn't factoring the key prove equally as (greatly more) effective as with attacks on RSA/PGP. __pardon_my_misunderstanding__but__? We're getting far off-topic here, but it's still security-related, so I'll answer. RC2 and RC4 are *not* public key systems. They are symmetric cryptosystems invented by Ron Rivest. RC2 is a block cipher, much like DES. That is, it takes fixed-length input blocks and transforms them into fixed-length output blocks. (I think, but I'm not certain, that the block size is 8 bytes.) Using a block cipher properly is *not* simply a matter of encrypting each 8 bytes of the file in turn. You have to use one of several ``modes of operation''; these are covered in any elementary cryptography text, and are (I think) discussed in the sci.crypt FAQ. RC4 is a stream cipher. That is, encrypts one byte at a time, and as such is well-suited for things like encrypted terminal sessions. Block ciphers, with suitable modes of operation, can be used as stream ciphers, but with a moderate loss of efficiency. Both RC2 and RC4 take variable-length keys. With a 5-byte key, they're approved for export from the U.S. With a longer key, they're much more secure. Note that 40 bits is well within the brute force range, though I suspect that you'd need special-purpose hardware to do it economically. If my math is right, at .1 ms per trial, it would take about 3.5 years to exhaust the key space, so you'd have to do it in parallel. It's also somewhere between possible and likely that NSA knows of some shortcuts for 40 bit RC2 or RC4 that would reduce the search space considerably. But they don't need to; they can easily afford the hardware. RC2 and RC4 are both trade secrets of RSA Data Security, Inc. A bootleg version of RC4 was posted to the net last year; from everything I've heard, including some comments from Jim Bidzos, the president of RSADSI, it was the real thing.