-
Notifications
You must be signed in to change notification settings - Fork 550
Stream Ciphers
Stream ciphers are completely broken and will be removed soon. New users must use AEAD ciphers.
This historic document is for educational purposes only.
Stream_encrypt is a function that takes a secret key, an initialization vector, a message, and produces a ciphertext with the same length as the message.
Stream_encrypt(key, IV, message) => ciphertext
Stream_decrypt is a function that takes a secret key, an initializaiton vector, a ciphertext, and produces the original message.
Stream_decrypt(key, IV, ciphertext) => message
The key can be input directly from user or generated from a password. The key derivation is following EVP_BytesToKey(3)
in OpenSSL. The detailed spec can be found here: https://wiki.openssl.org/index.php/Manual:EVP_BytesToKey(3)
A stream cipher encrypted TCP stream starts with a randomly generated initializaiton vector, followed by encrypted payload data.
[IV][encrypted payload]
A stream cipher encrypted UDP packet has the following structure
[IV][encrypted payload]
Each UDP packet is encrypted/decrypted independently with a randomly generated initialization vector.
Name | Key Size | IV Length |
---|---|---|
aes-128-ctr | 16 | 16 |
aes-192-ctr | 24 | 16 |
aes-256-ctr | 32 | 16 |
aes-128-cfb | 16 | 16 |
aes-192-cfb | 24 | 16 |
aes-256-cfb | 32 | 16 |
camellia-128-cfb | 16 | 16 |
camellia-192-cfb | 24 | 16 |
camellia-256-cfb | 32 | 16 |
chacha20-ietf | 32 | 12 |
bf-cfb | 16 | 8 |
chacha20 | 32 | 8 |
salsa20 | 32 | 8 |
rc4-md5 | 16 | 16 |