Re: Stream ciphers

From: Maaartin <grajcar1@xxxxxxxxx>
Date: Tue, 29 Dec 2009 15:07:46 -0800 (PST)

On Dec 29, 11:42 pm, Ivan Voras <ivo...@xxxxxxxxx> wrote:

I am thinking about big flipping and key / keystream reuse.

You must NEVER reuse the key. This is usually acomplished by dividing
the "whole key" in two parts:
The master key (called simply key) and the nonce. The master key may
stay the same and must be kept secret, the nonce may never repeat and
may be implemented simply as a counter. For example, Salsa20 uses a
256 bit key and 64 bit nonce.

Mixing the plaintext into the internal state could help a bit in case
of repeating the "whole key", but it always leaks some information. At
least with two ciphertexts c1 and c2, which happen to be equal, you
know the plaintexts are equal too.

My question: What are the most interesting stream ciphers working not
by simple xoring?

.

References:
- Stream ciphers
  - From: Ivan Voras
- Re: Stream ciphers
  - From: unruh
- Re: Stream ciphers
  - From: Ivan Voras

Prev by Date: Re: Stream ciphers
Next by Date: Re: Key SetUp
Previous by thread: Re: Stream ciphers
Next by thread: Re: Stream ciphers
Index(es):
- Date
- Thread

Relevant Pages

Re: Encryption algorithm (fully described) comments requested
... hashing the master key with a nonce and supplying that as the ARC4 ... Then somehow store the nonce with the ciphertext. ... For decryption, ...
(sci.crypt)
Re: Backup von =?windows-1252?Q?verschl=FCsselten_Daten_in_?= =?windows-1252?Q?die_Cloud?=
... Schema ist es nicht notwendig das das Nonce zufällig ist. ... könnte auch ein Counter sein. ... dass der Plaintext daraus nur mit Kenntnis des ... wenns ein Hash ist, ist obige Nonce nur wegen dem ...
(de.comp.security.misc)
Re: ANNOUNCE: "jscryptor: client-side web page encryption" using JavaScript
... may have an information leakage (where sending the same plaintext twice is ... different ciphertexts with the same plaintext and key seems ... between iv vs nonce? ...
(sci.crypt)
Re: Tightly stuffed crypto framing
... There are statements that using RSA directly to encrypt data is ... random 16 bynonce of 20 bytes to the plaintext, ... The nonce mainly serves the purpose that the short ... plaintexts (with some parts constant or known to the attacker) cannot ...
(sci.crypt)
Tightly stuffed crypto framing
... There are statements that using RSA directly to encrypt data is ... I also need to sign the plaintext _and_ ciphertext. ... retransmit them without breaking the signature. ... The nonce mainly serves the purpose that the short ...
(sci.crypt)