Does anyone have a good implementation of a stream cipher written in pure portable C? I am not terribly concerned with the strength of the cipher at this point in time because it is only for a proof of concept, but speed would be important. I've thought about just Xor'ing with a constant if I cannot find a decent stream cipher.
A:
Have you looked at OpenSSL? It has a secure implementation of a lot of cryptographic algorithms and primitives. You don't have to use it with anything network related. However, it's not really well documented or easy to learn. If you care a lot about security (for instance, if you are storing private user data such as credit cards) you should definitely use OpenSSL or some other secure implementation instead of rolling your own.
Jay Conrod
2008-12-22 19:34:44
RC4 in OpenSSL may work. I was kind of hoping to just have an implementation of the cipher in a stand alone C file rather than a whole library to import though.
Steven Behnke
2008-12-22 19:57:44
+1
A:
I got Blowfish going without much trouble. It claims to be faster than DES.
David Norman
2008-12-22 19:41:53
from wikipedia's http://en.wikipedia.org/wiki/Block_cipher :Stream ciphers can be built using block ciphers. OFB-mode and CTR mode are block modes that turn a block cipher into a stream cipher.
Jason S
2008-12-22 22:47:48
+2
A:
For a pure POC application, you can quickly throw ROT13 into place. http://en.wikipedia.org/wiki/ROT13
However, I'm very hesitant in making the suggestion since too frequently simple POC code that's meant to be replaced later never is...
Brian Knoblauch
2008-12-22 19:44:49
Yeah, I was hoping for something a little bit cryptographically stronger than Rot13 and I'm dealing with binary data not an ASCII byte stream.
Steven Behnke
2008-12-22 19:56:28
+2
A:
RC4 is a very simple algorithm to implement.
Check out Sterling Camden's implementation or Adam Back's implementation.
orip
2008-12-22 20:25:27
A:
e.James
2008-12-22 20:27:11
+1
A:
See the ECRYPT eStream project. These are serious hardcore cryptographic algorithms judged by security experts. As far as I know all the candidate algorithms were required to include an implementation in pure C (not C++).
edit: The great thing about that website is it goes into a lot of depth about the different algorithms, including their known weaknesses, and includes performance benchmarks as well.
Jason S
2008-12-22 22:55:19
They don't seem to be available yet, unless I just can't find the link.
Steven Behnke
2008-12-23 01:00:23
The links are there but are nonstandard (no underlining) -- they are the items in the tables. (mouse over and you should see the cursor change for a link)
Jason S
2008-12-23 13:53:28