Question

For example, say you have a client and server. You use asymmetric encryption to securely deliver two seeds from server to client. Each user then seeds two PRNGs (one for incoming data, one for outgoing). Then when they send data over the network, they add a new randomly generated byte (from the outgoing PRNG) to each unencrypted byte. The receiver can decrypt using their incoming PRNG, which has the same seed as the sender's outgoing PRNG. An HMAC could also be used to verify integrity and authenticate messages.

I was just musing over this idea. I'm a total novice to cryptography, so I'm sure there's something flawed with this. I would just like to know what the flaw is.

(The PRNG I'm looking at is ISAAC which is also a stream cipher, but would this work with any PRNG, disregarding speed?)

Explanation / Answer

A PRNG with a seed S whose output is combined with the plaintext is called a stream cipher with the key S. So assuming that the details are filled in correctly, what you're describing is a stream cipher algorithm with two session keys, one used in each direction. Each seed/key must be unique, and the combination must ensure that each output bit has a 1/2 probability of being flipped (xor is common, but addition of bytes would work too).

If you have an encrypted communication channel, then it's already using a stream cipher, which may be built on AES. (Note that AES is not a stream cipher
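The answer's point, that a seeded PRNG whose output is combined with the plaintext is a stream cipher keyed by the seed, written out for the question's layout (two seeds, one per direction, byte addition mod 256, an HMAC over each ciphertext). This is an added example, not code from the answer or from ISAAC: HMAC-SHA256 in counter mode stands in for the PRNG, and the MAC key is assumed to be delivered alongside the seeds. The last function shows why the answer insists each seed be unique.

```python
import hashlib
import hmac
import itertools

TAG_LEN = 32  # HMAC-SHA256 tag appended to every ciphertext

def keystream(seed: bytes):
    """Infinite deterministic byte stream from `seed`: a PRF in counter mode,
    standing in for ISAAC (an assumption of this example, not the answer's)."""
    for counter in itertools.count():
        yield from hmac.new(seed, counter.to_bytes(8, "big"), hashlib.sha256).digest()

class Direction:
    """One direction of the channel. The sender's outgoing PRNG and the
    receiver's incoming PRNG are two instances seeded with the same value."""

    def __init__(self, seed: bytes, mac_key: bytes):
        self._ks = keystream(seed)  # PRNG state carries across messages
        self._mac_key = mac_key

    def _combine(self, data: bytes, sign: int) -> bytes:
        # Byte addition mod 256 (sign=+1) and its inverse (sign=-1), as in the question.
        return bytes((b + sign * k) % 256 for b, k in zip(data, self._ks))

    def seal(self, plaintext: bytes) -> bytes:
        ct = self._combine(plaintext, +1)
        return ct + hmac.new(self._mac_key, ct, hashlib.sha256).digest()

    def open(self, message: bytes) -> bytes:
        ct, tag = message[:-TAG_LEN], message[-TAG_LEN:]
        expected = hmac.new(self._mac_key, ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            # Reject before touching the keystream so both sides stay in step.
            raise ValueError("HMAC verification failed")
        return self._combine(ct, -1)

def round_trip(seed: bytes, mac_key: bytes, messages: list) -> list:
    """Two Direction objects seeded alike act as sender and receiver; returns decryptions."""
    sender, receiver = Direction(seed, mac_key), Direction(seed, mac_key)
    return [receiver.open(sender.seal(m)) for m in messages]

def same_seed_leak(seed: bytes, p1: bytes, p2: bytes) -> bool:
    """Why each seed must be unique: equal seeds give equal keystream bytes, so
    ciphertext differences equal plaintext differences. True when that holds."""
    c1, c2 = (Direction(seed, b"mac").seal(p)[:-TAG_LEN] for p in (p1, p2))
    return all((a - b) % 256 == (x - y) % 256 for a, b, x, y in zip(c1, c2, p1, p2))
```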