Stream ciphers
Stream ciphers are completely broken and will be removed soon. New users must use AEAD ciphers.
This historic document is for educational purposes only.
Stream Encryption/Decryption
Stream_encrypt is a function that takes a secret key, an initialization vector, a message, and produces a ciphertext with the same length as the message.
Stream_encrypt(key, IV, message) => ciphertextStream_decrypt is a function that takes a secret key, an initialization vector, a ciphertext, and produces the original message.
Stream_decrypt(key, IV, ciphertext) => messageThe key can be input directly from user or generated from a password. The key derivation is following EVP_BytesToKey(3) in OpenSSL. The detailed spec can be found here: https://wiki.openssl.org/index.php/Manual:EVP_BytesToKey(3)
TCP
A stream cipher encrypted TCP stream starts with a randomly generated initialization vector, followed by encrypted payload data.
[IV][encrypted payload]UDP
A stream cipher encrypted UDP packet has the following structure
[IV][encrypted payload]Each UDP packet is encrypted/decrypted independently with a randomly generated initialization vector.
Historic stream ciphers
| Name | Key Size | IV Length |
|---|---|---|
| aes-128-ctr | 16 | 16 |
| aes-192-ctr | 24 | 16 |
| aes-256-ctr | 32 | 16 |
| aes-128-cfb | 16 | 16 |
| aes-192-cfb | 24 | 16 |
| aes-256-cfb | 32 | 16 |
| camellia-128-cfb | 16 | 16 |
| camellia-192-cfb | 24 | 16 |
| camellia-256-cfb | 32 | 16 |
| chacha20-ietf | 32 | 12 |
| bf-cfb | 16 | 8 |
| chacha20 | 32 | 8 |
| salsa20 | 32 | 8 |
| rc4-md5 | 16 | 16 |