Couldn't we modify RC4 easily to provide the same security against brute-force attacks by just running the key-setup phase 65536 times instead of just once? Why would the attacker need to run the key setup 65536 times?
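The following is an added example, not part of the original question. It assumes that "running the key-setup phase N times" means repeating RC4's key-scheduling swap loop over the same state array, with `j` carried between passes. The function names are hypothetical, and the 1-byte key space is constructed so the search finishes quickly. It shows that a key guess can only be tested against known keystream after the full setup has been run for that guess.

```python
from typing import Iterable, List, Optional, Tuple

KSA_STEPS = 256  # swaps in one pass of RC4's key setup

def iterated_ksa(key: bytes, rounds: int = 65536) -> List[int]:
    """RC4 key setup with the swap loop repeated `rounds` times (assumed reading)."""
    if not 1 <= len(key) <= 256 or rounds < 1:
        raise ValueError("key must be 1..256 bytes and rounds >= 1")
    s, j = list(range(256)), 0
    for _ in range(rounds):            # rounds == 1 is standard RC4
        for i in range(KSA_STEPS):
            j = (j + s[i] + key[i % len(key)]) & 0xFF
            s[i], s[j] = s[j], s[i]
    return s

def keystream(state: List[int], n: int) -> bytes:
    """Standard RC4 output generation (PRGA) from a prepared state."""
    s, i, j, out = list(state), 0, 0, bytearray()
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def exhaustive_search(target: bytes, candidates: Iterable[bytes],
                      rounds: int) -> Tuple[Optional[bytes], int]:
    """Test each candidate key against known keystream; return (key, swaps spent)."""
    swaps = 0
    for key in candidates:
        swaps += rounds * KSA_STEPS    # full setup is paid for every guess
        if keystream(iterated_ksa(key, rounds), len(target)) == target:
            return key, swaps
    return None, swaps

if __name__ == "__main__":
    # Constructed toy input: a 1-byte key space so the loop finishes quickly.
    space = [bytes([b]) for b in range(256)]
    for rounds in (1, 16):
        target = keystream(iterated_ksa(b"\x42", rounds), 16)
        print(rounds, exhaustive_search(target, space, rounds))
```

In this construction the work per guess grows linearly with `rounds`, so 65536 passes multiply it by 2^16; the legitimate user pays the same setup cost once per key.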