
Would CSPRNG + XOR be a secure encryption method?

Developer https://www.devze.com 2022-12-21 22:43 Source: Internet
Similarly to RC4 (RC4_PRNG + XOR), would it be secure to use another CSPRNG (cryptographically secure pseudorandom number generator) [Isaac, BlumBlumShub, etc.] instead of RC4's and XOR the data with the resulting keystream?


Essentially this is just using Blum Blum Shub (or whatever PRNG) as a stream cipher. This isn't how they're designed to be used, and they might be weak to attacks that make sense in a stream cipher context but not in a CSPRNG context (e.g. related-key attacks).

If this is what you want, you're better off just using a modern stream cipher. For example, DJB's Salsa20 is well-regarded.


Well, it depends.

Most encryption algorithms do significantly more than XOR. But that's because the key is shorter than the plaintext. If the key is as large as the plaintext, and truly random, then it is impossible to crack it (it's called a One Time Pad).

So, you need to explain more.

But I'm going to guess that your key length is not the same as your input length, and that even if it was, almost certainly the random number service you are using is not truly secure, so I'd advise against your approach (furthermore, it goes without saying (maybe) that the problem with OTP is key-exchange).


Swapping out the CSPRNG in this scheme would probably be just as secure, and have the exact same set of assumptions, weaknesses and practical issues.
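
An added example, not code from the question or any of the answers: whichever generator supplies the keystream, the XOR construction keeps two practical issues, keystream reuse across messages and no integrity protection. The SHA-256 counter generator is a stand-in assumption for "some CSPRNG", and every function name, key, nonce and message below is constructed for this illustration.

```python
import hashlib
import hmac

def keystream(seed: bytes, n: int) -> bytes:
    # Stand-in generator (assumption): SHA-256 over seed || counter.
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(seed + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:n])

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt(key: bytes, nonce: bytes, msg: bytes) -> bytes:
    # Per-message seed = HMAC(key, nonce); a repeated nonce repeats the keystream.
    seed = hmac.new(key, nonce, hashlib.sha256).digest()
    return xor(msg, keystream(seed, len(msg)))

decrypt = encrypt  # XOR with the same keystream is its own inverse

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, msg: bytes) -> bytes:
    # Encrypt-then-MAC; nonces are fixed-length (8 bytes) so nonce + ct is unambiguous.
    ct = encrypt(enc_key, nonce, msg)
    return ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key: bytes, mac_key: bytes, nonce: bytes, blob: bytes):
    ct, tag = blob[:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None  # modified in transit, or wrong key
    return decrypt(enc_key, nonce, ct)

# Constructed sample keys, nonces and messages.
KEY, MAC_KEY = b"k" * 32, b"m" * 32
N0, N1 = b"nonce-00", b"nonce-01"
P1, P2 = b"PAY 0100 TO ALICE", b"PAY 0950 TO CAROL"

def ciphertext_xor_equals_plaintext_xor(nonce_a: bytes, nonce_b: bytes) -> bool:
    # True means the keystream cancelled out and nothing secret was needed.
    c1, c2 = encrypt(KEY, nonce_a, P1), encrypt(KEY, nonce_b, P2)
    return xor(c1, c2) == xor(P1, P2)

def receive_modified(authenticated: bool):
    # Flip ciphertext bits in transit; XOR flips the same plaintext bits.
    delta = xor(P1, P2)
    if not authenticated:
        return decrypt(KEY, N0, xor(encrypt(KEY, N0, P1), delta))
    blob = seal(KEY, MAC_KEY, N0, P1)
    return open_sealed(KEY, MAC_KEY, N0, xor(blob[:-32], delta) + blob[-32:])
```

With a repeated nonce the two ciphertexts XOR to the XOR of the plaintexts, and without the MAC the receiver accepts the altered message; a unique nonce per message and a tag over nonce and ciphertext close both gaps.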
