Skip to content
On this page

Stream ciphers

Stream ciphers are completely broken and will be removed soon. New users must use AEAD ciphers.

This historic document is for educational purposes only.

Stream Encryption/Decryption

Stream_encrypt is a function that takes a secret key, an initialization vector, a message, and produces a ciphertext with the same length as the message.

Stream_encrypt(key, IV, message) => ciphertext

Stream_decrypt is a function that takes a secret key, an initializaiton vector, a ciphertext, and produces the original message.

Stream_decrypt(key, IV, ciphertext) => message

The key can be input directly from user or generated from a password. The key derivation is following EVP_BytesToKey(3) in OpenSSL. The detailed spec can be found here: https://wiki.openssl.org/index.php/Manual:EVP_BytesToKey(3)

TCP

A stream cipher encrypted TCP stream starts with a randomly generated initializaiton vector, followed by encrypted payload data.

[IV][encrypted payload]

UDP

A stream cipher encrypted UDP packet has the following structure

[IV][encrypted payload]

Each UDP packet is encrypted/decrypted independently with a randomly generated initialization vector.

Historic stream ciphers

NameKey SizeIV Length
aes-128-ctr1616
aes-192-ctr2416
aes-256-ctr3216
aes-128-cfb1616
aes-192-cfb2416
aes-256-cfb3216
camellia-128-cfb1616
camellia-192-cfb2416
camellia-256-cfb3216
chacha20-ietf3212
bf-cfb168
chacha20328
salsa20328
rc4-md51616

This website is released under the MIT License.