-
Notifications
You must be signed in to change notification settings - Fork 548
Stream Ciphers
Stream ciphers provide only confidentiality. Data integrity and authenticity is not guaranteed. Users should use AEAD ciphers whenever possible.
The following stream ciphers provide reasonable confidentiality.
Name | Key Size | IV Length |
---|---|---|
aes-128-ctr | 16 | 16 |
aes-192-ctr | 24 | 16 |
aes-256-ctr | 32 | 16 |
aes-128-cfb | 16 | 16 |
aes-192-cfb | 24 | 16 |
aes-256-cfb | 32 | 16 |
camellia-128-cfb | 16 | 16 |
camellia-192-cfb | 24 | 16 |
camellia-256-cfb | 32 | 16 |
chacha20-ietf | 32 | 12 |
The following stream ciphers have inherent weaknesses (see discussion at #36). DO NOT USE. Implementors are advised to remove them as soon as possible.
Name | Key Size | IV Length |
---|---|---|
bf-cfb | 16 | 8 |
chacha20 | 32 | 8 |
salsa20 | 32 | 8 |
rc4-md5 | 16 | 16 |
Stream_encrypt is a function that takes a secret key, an initialization vector, a message, and produces a ciphertext with the same length as the message.
Stream_encrypt(key, IV, message) => ciphertext
Stream_decrypt is a function that takes a secret key, an initializaiton vector, a ciphertext, and produces the original message.
Stream_decrypt(key, IV, ciphertext) => message
The key can be input directly from user or generated from a password. The key derivation is following EVP_BytesToKey(3)
in OpenSSL. The detailed spec can be found here: https://wiki.openssl.org/index.php/Manual:EVP_BytesToKey(3)
A stream cipher encrypted TCP stream starts with a randomly generated initializaiton vector, followed by encrypted payload data.
[IV][encrypted payload]
A stream cipher encrypted UDP packet has the following structure
[IV][encrypted payload]
Each UDP packet is encrypted/decrypted independently with a randomly generated initialization vector.