[Cryptography] Stream Cipher over Unreliable Transport
John Denker
jsd at av8n.com
Thu Jul 2 08:52:10 EDT 2020
On 7/1/20 8:27 PM, Sid Spry wrote:

> I'm assuming the title has been done before. I am having some
> trouble turning up good examples of an implementation. Most stream
> ciphers I can find discussed assume transport integrity.

How is this different from encrypting a random-access disk?

> My imagined selection is one of ChaCha20, AES-CTR block mode, or
> something based on the Mersenne twister, if any of those aren't
> patent encumbered.

I would use ChaCha20.

===============

This is slightly heretical, but I have always considered cipher
"modes" such as CBC to be fig leaves used to cover up a bad
design.

The Right Thing™ is to use a different key for each block. The
chaining mode serves only to disguise the fact that you are
re-using a key. The only reason you would be tempted to do
this is if the cipher is vulnerable to related-key attacks, or
is too expensive to re-key, or both.

===============

Tangential remark:
There is rarely a good reason to use a stream cipher. There are
situations where it's not particularly worse, but it is hard to
imagine a situation where it is better than the alternative.