-
Notifications
You must be signed in to change notification settings - Fork 545
Stream Ciphers
Stream ciphers provide only confidentiality. Data integrity and authenticity is not guaranteed. Users should use AEAD ciphers whenever possible.
The following stream ciphers provide reasonable confidentiality.
| Name | Key Size | IV Length |
|---|---|---|
| aes-128-ctr | 16 | 16 |
| aes-192-ctr | 24 | 16 |
| aes-256-ctr | 32 | 16 |
| aes-128-cfb | 16 | 16 |
| aes-192-cfb | 24 | 16 |
| aes-256-cfb | 32 | 16 |
| camellia-128-cfb | 16 | 16 |
| camellia-192-cfb | 24 | 16 |
| camellia-256-cfb | 32 | 16 |
| chacha20-ietf | 32 | 12 |
The following stream ciphers have inherent weaknesses (see discussion at #36). DO NOT USE. Implementors are advised to remove them as soon as possible.
| Name | Key Size | IV Length |
|---|---|---|
| bf-cfb | 16 | 8 |
| chacha20 | 32 | 8 |
| salsa20 | 32 | 8 |
| rc4-md5 | 16 | 16 |
Stream_encrypt is a function that takes a secret key, an initialization vector, a message, and produces a ciphertext with the same length as the message.
Stream_encrypt(key, IV, message) => ciphertext
Stream_decrypt is a function that takes a secret key, an initializaiton vector, a ciphertext, and produces the original message
Stream_decrypt(key, IV, ciphertext) => message
A stream cipher encrypted TCP stream starts with a randomly generated initializaiton vector, followed by encrypted payload data.
[iv][encrypted payload]
A stream cipher encrypted UDP packet has the following structure
[iv][encrypted payload]
Each UDP packet is encrypted/decrypted independently with a randomly generated initialization vector.