views:

53

answers:

2

(A)RC4 used to fit the bill, since it was so simple to write. But it's also less-than-secure these days.

I'm wondering if there's a successor that's:

  • Code is small enough to write & debug within an hour or so, using pseudo code as a template.
  • Still considered secure, as of 2010.
  • Optimized for software.
  • Not encumbered by licensing issues.

I can't use crypto libraries, otherwise all of this would be moot. Also, I'll consider block algorithms though I think most are pretty hefty.

Thanks.

A: 

No cipher is easy to implement, especially symmetric ciphers, and they never will be. There is a lot that can go wrong, and most programmers don't realize this. You need to do a lot more reading into this topic.

With block ciphers you must be concerned with the mode you use, and different modes fill different needs (but ECB is always the wrong choice). You must also be very careful about maintaining a unique IV for each message. If you are using a "password" as your key then you have to use a string2key function.

Stream ciphers don't have IVs or modes, and this actually makes things more difficult. A stream cipher function accepts only a key, and the output is a "PRNG stream" that is infinitely large. This stream of random data is then XORed with your message. So if you use the same key, you will get the same PRNG stream. If an attacker knows the plaintext of one message (or a part of a message), then he can XOR out the PRNG from the ciphertext and then decrypt all other messages using that key in constant time O(1). For a stream cipher to be practically secure you can never reuse the same key.

I highly recommend that you pick up a copy of Practical Cryptography, which has a few chapters dedicated to symmetric cipher attacks. This book is straight to the point and doesn't require a lot of math. If you don't really care about implementing your own, then you can use a proven cipher implementation such as Jasypt, which "just works" in a very secure way.

Rook
Implementing a cipher is as hard as following a spec... He asked how to implement a cipher, not how to compose cryptographic primitives.
Longpoke
@Longpoke I have answered this question correctly.
Rook
I'm familiar with concepts such as a nonce and hashing key + nonce, which makes the issue of key reuse less relevant. I'm just wondering what the easy-to-implement state of the art is, as I haven't been paying too much attention to crypto APIs in the past five years or so.
hythlodayr
@hythlodayr I've updated my answer, I think you're looking for Jasypt or something like it.
Rook
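The keystream-reuse failure Rook describes, set beside the key-plus-nonce derivation hythlodayr mentions, as an added Python example that is not from the original thread. The HMAC-SHA256 keystream is an illustrative stand-in for a real stream cipher, and the invoice messages are constructed samples.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Illustrative keystream generator, not a standardised cipher: HMAC-SHA256 over
    # key, nonce and a block counter. The same key and nonce always yield the same stream.
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def stream_encrypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # A stream cipher is plaintext XOR keystream; decryption is the identical call.
    return xor_bytes(data, keystream(key, nonce, len(data)))

def recover_with_reused_keystream(known_pt: bytes, known_ct: bytes, other_ct: bytes) -> bytes:
    # The failure the answer describes: when two messages share key and nonce,
    # one known plaintext exposes the keystream, which then unmasks the other message.
    ks = xor_bytes(known_ct, known_pt)
    return xor_bytes(other_ct[: len(ks)], ks)

def demo() -> dict:
    key = os.urandom(32)
    msg_a = b"invoice 1042: pay 500 USD"   # constructed sample messages
    msg_b = b"invoice 1043: pay 900 USD"

    # Wrong: a fixed nonce means every message reuses the same keystream.
    fixed = b"\x00" * 8
    leaked = recover_with_reused_keystream(
        msg_a, stream_encrypt(key, fixed, msg_a), stream_encrypt(key, fixed, msg_b))

    # Right: a fresh, never-repeated nonce per message (sent along with the ciphertext),
    # so keystreams differ and a known plaintext of one message reveals nothing about another.
    nonce_a, nonce_b = os.urandom(8), os.urandom(8)
    ct_a, ct_b = stream_encrypt(key, nonce_a, msg_a), stream_encrypt(key, nonce_b, msg_b)
    guess = recover_with_reused_keystream(msg_a, ct_a, ct_b)
    return {"leaked": leaked, "guess_with_nonces": guess,
            "roundtrip": stream_encrypt(key, nonce_b, ct_b)}
```

Note that the nonce only solves keystream reuse; a stream cipher still provides no integrity, so a real design also needs a MAC.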
+1  A: 

Honestly, your best bet is to go use a crypto library. It's an already tested platform, and when even the crypto libraries can/do have trouble with implementing the algorithms... It's better to use the pre-existing crypto libraries; it's already tough enough to do encryption/decryption correctly using the API as it is, as in this post on Coding Horror: Why Isn't My Encryption.. Encrypting?

Now that I've gone to the Wikipedia article on stream ciphers, it might be worth going through the list of ciphers in the article; there have been several ciphers developed since RC4 in 1987, and to my very limited cryptography knowledge some of them seem like they might be more secure than RC4. You may also want to consider checking out the Wikipedia article on eSTREAM. There are several ciphers which are in the portfolio: HC-128, Rabbit, Salsa20/12, SOSEMANUK.

Pharaun
1. Coming up with a new algorithm is difficult. Writing an implementation, not so much. 2. It's for in-house use. Having a reasonably secure PRNG on hand is nice to have in one's arsenal of code. I can make RC4 work--throw out the first 256 to 1024 bytes--but it's 23 years old; it was already 8 years old when I got a first-edition copy of Bruce Schneier's book back in 1995 and read it from cover to cover; and I feel it's worth looking around to see what progress has been made.
hythlodayr
1. That's quite true; however, writing an implementation can still leave you vulnerable to side attacks via flaws in the implementation. 2. Fair enough, I've updated my post to include what I hope is some more useful information.
Pharaun
Don't give this guy a -1; he is actually trying and he isn't wrong. Although RC4 is broken (look at the attacks against WEP), you can still use RC4-drop1024, but you'd be better off with a block cipher like AES or Serpent (2nd-place AES finalist that is still secure) in OFB mode.
Rook