Why the recent RC4 attack doesn't surprise me.
- 2012-01-02: I release break_rc4https.c to demonstrate my earlier descriptions on IRC of how to recover plaintext from many RC4 ciphertexts. I also describe using the biases more effectively.
- 2012-08-10: Scott Fluhrer describes how to recover plaintext with the same biases.
- 2012-12-09: I release rc4bias.js, one of my implementations of the same thing, having sat on it since about 2012-09-13.
- 2013-03-12: Incredible new find! Plaintext recovery from many RC4 ciphertexts, via djb et al. Suggested countermeasure: "discard the beginning of the keystream", ignoring the fact that prior attacks like this already work regardless of how much you discard.