Skip to content

Stream Ciphers

Max Lv edited this page Nov 30, 2017 · 11 revisions

Stream ciphers provide only confidentiality. Data integrity and authenticity is not guaranteed. Users should use AEAD ciphers whenever possible.

The following stream ciphers provide reasonable confidentiality.

Name Key Size IV Length
aes-128-ctr 16 16
aes-192-ctr 24 16
aes-256-ctr 32 16
aes-128-cfb 16 16
aes-192-cfb 24 16
aes-256-cfb 32 16
camellia-128-cfb 16 16
camellia-192-cfb 24 16
camellia-256-cfb 32 16
chacha20-ietf 32 12

The following stream ciphers have inherent weaknesses (see discussion at #36). DO NOT USE. Implementors are advised to remove them as soon as possible.

Name Key Size IV Length
bf-cfb 16 8
chacha20 32 8
salsa20 32 8
rc4-md5 16 16

Stream Encryption/Decryption

Stream_encrypt is a function that takes a secret key, an initialization vector, a message, and produces a ciphertext with the same length as the message.

Stream_encrypt(key, IV, message) => ciphertext

Stream_decrypt is a function that takes a secret key, an initializaiton vector, a ciphertext, and produces the original message.

Stream_decrypt(key, IV, ciphertext) => message

The key can be input directly from user or generated from a password. The key derivation is following EVP_BytesToKey(3) in OpenSSL. The detailed spec can be found here: https://wiki.openssl.org/index.php/Manual:EVP_BytesToKey(3)

TCP

A stream cipher encrypted TCP stream starts with a randomly generated initializaiton vector, followed by encrypted payload data.

[IV][encrypted payload]

UDP

A stream cipher encrypted UDP packet has the following structure

[IV][encrypted payload]

Each UDP packet is encrypted/decrypted independently with a randomly generated initialization vector.

Clone this wiki locally