
Re: stream ciphers (Re: 128 bit block ciphers)



Paul Koning says:
> Hm.  That sounds like practical stream cyphers will always be insecure 
> (to the extent that an unknown stream offset has a significant
> security benefit).

A stream cipher is basically a PRNG generator. You use the PR stream
somewhat similarly to an OTP - for example you prefer not to reuse it
(lest what happened to the KGB happen to you, i.e.
"Venona" :-).

Stream ciphers have their place under the Sun...

> An IV can (and should be) random -- all bits unpredictable.

An IV doesn't have to and should not be random.  It doesn't need
to be unpredictable. All it really needs to be is non-repetitive.


> A stream
> offset may be random but it cannot in practice be random in more than
> a modest number of low order bits, so the set of likely values is
> necessarily small.

It can, but as was said - it would not be very practical. However,
if you utilize only a few KBytes of the stream (for each key :-), you
might be able to live with small offsets...
["Poor man's James Bond" :-]
-- 
Regards,
Uri		uri@xxxxxxxxxxxxxx
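As an added illustration of the two points made in this message (a stream cipher is a PRNG whose output must never be reused, and the IV/nonce only has to be non-repeating, not random), here is a toy stream cipher built from HMAC-SHA256 in counter mode. This is example code written for this page, not anything from the thread; the key, nonces and plaintexts are constructed values.

```python
# Added example: a nonce-based stream cipher whose keystream is the PRNG
# output of HMAC-SHA256(key, nonce || block_counter). It shows why a repeated
# (key, nonce) pair is fatal and why a plain message counter is a sufficient IV.
import hmac
import hashlib
import secrets


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """PRNG-style keystream: concatenated HMAC blocks over an incrementing counter."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        msg = nonce + counter.to_bytes(8, "big")
        out.extend(hmac.new(key, msg, hashlib.sha256).digest())
        counter += 1
    return bytes(out[:length])


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Stream encryption is plaintext XOR keystream; decryption is the same call."""
    return xor_bytes(plaintext, keystream(key, nonce, len(plaintext)))


def keystream_reuse_leak(key: bytes, nonce1: bytes, nonce2: bytes,
                         p1: bytes, p2: bytes) -> bool:
    """True when c1 XOR c2 equals p1 XOR p2, i.e. both messages were encrypted
    with the same keystream and it cancelled out (the "Venona" failure)."""
    c1 = encrypt(key, nonce1, p1)
    c2 = encrypt(key, nonce2, p2)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)


def next_nonce(message_number: int) -> bytes:
    """A non-repeating IV: a per-key message counter. Predictable, but never reused."""
    return message_number.to_bytes(8, "big")


if __name__ == "__main__":
    key = secrets.token_bytes(32)            # constructed demo key
    p1 = b"meeting at noon "                 # constructed sample plaintexts
    p2 = b"report by dusk  "
    # Same nonce for two messages: the keystream repeats and p1 ^ p2 is exposed.
    print("reused nonce leaks p1^p2:", keystream_reuse_leak(key, next_nonce(0), next_nonce(0), p1, p2))
    # Counter nonces: each message gets a fresh keystream, nothing cancels.
    print("counter nonces leak p1^p2:", keystream_reuse_leak(key, next_nonce(0), next_nonce(1), p1, p2))
```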