Paul Koning says:
> Hm. That sounds like practical stream cyphers will always be insecure
> (to the extent that an unknown stream offset has a significant
> security benefit).
A stream cipher is basically a PRNG generator. You use the PR stream
somewhat similarly to an OTP - for example, you prefer not to reuse it
(unless you want what happened to the KGB to happen to you, i.e.
"Venona" :-).
Stream ciphers have their place under the Sun...
> An IV can (and should) be random -- all bits unpredictable.
An IV doesn't have to and should not be random. It doesn't need
to be unpredictable. All it really needs to be is non-repetitive.
> A stream offset may be random, but it cannot in practice be random in
> more than a modest number of low-order bits, so the set of likely
> values is necessarily small.
It can, but as was said, it would not be very practical. However,
if you utilize only a few KBytes of the stream (for each key :-), you
might be able to live with small offsets...
["Poor man's James Bond" :-]
--
Regards,
Uri uri(_at_)watson(_dot_)ibm(_dot_)com
-=-=-=-=-=-=-
<Disclaimer>
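The keystream-reuse point in the exchange above, worked through in Python as an added example (not code from the thread or from either poster). A toy HMAC-SHA256 counter-mode keystream stands in for a real stream cipher, and the key, nonce, two messages and the 40-byte offset are constructed for the demo. It shows the full two-time pad when key and nonce repeat, that a small secret offset only moves where the overlap starts (and is recovered by trying the few likely shifts), and that a nonce that merely never repeats avoids the leak.

```python
import hashlib
import hmac

# Constructed demo values (not secrets, not from the original thread).
KEY = b"constructed-demo-key-not-secret!"
NONCE = b"\x00" * 8
P1 = b"MEETING AT THE EMBASSY MOVED TO FRIDAY 0900 HOURS CONFIRM RECEIPT"
P2 = b"COURIER DEPARTS ON THURSDAY WITH THE USUAL PACKAGE AND NEW CODEBOOK"

BLOCK = hashlib.sha256().digest_size  # 32-byte keystream blocks


def keystream(key: bytes, nonce: bytes, offset: int, length: int) -> bytes:
    """Toy PRNG keystream (assumed construction, for illustration only):
    block i = HMAC-SHA256(key, nonce || i), read starting `offset` bytes in.
    The offset plays the role of the "stream offset" discussed in the thread."""
    first_block, skip = divmod(offset, BLOCK)
    out = bytearray()
    counter = first_block
    while len(out) < skip + length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[skip:skip + length])


def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, offset: int, plaintext: bytes) -> bytes:
    """Stream-cipher encryption (and decryption) is plaintext XOR keystream."""
    return xor(plaintext, keystream(key, nonce, offset, len(plaintext)))


def overlapping_xor(c1: bytes, off1: int, c2: bytes, off2: int) -> bytes:
    """For two ciphertexts under the same key and nonce, return c1 ^ c2 over the
    stream region both messages used. The keystream cancels there, leaving
    p1 ^ p2 (a two-time pad). Empty result means the offsets did not overlap."""
    if off1 > off2:
        c1, off1, c2, off2 = c2, off2, c1, off1
    shift = off2 - off1
    if shift >= len(c1):
        return b""
    return xor(c1[shift:], c2)


def crib_drag(xored: bytes, crib: bytes) -> list:
    """Slide a guessed plaintext fragment along p1 ^ p2; wherever the other
    plaintext decodes to printable ASCII, record (position, fragment)."""
    hits = []
    n = len(crib)
    for i in range(len(xored) - n + 1):
        frag = xor(xored[i:i + n], crib)
        if all(32 <= b < 127 for b in frag):
            hits.append((i, frag.decode("ascii")))
    return hits


def find_overlap(c1: bytes, c2: bytes, crib: bytes, max_shift: int) -> list:
    """Attacker's view of the small-offset point: the offsets are unknown but
    drawn from a small set, so try every shift up to max_shift and crib-drag
    each candidate overlap. Returns (shift, position, fragment) triples."""
    found = []
    for shift in range(max_shift + 1):
        for pos, frag in crib_drag(xor(c1[shift:], c2), crib):
            found.append((shift, pos, frag))
    return found


if __name__ == "__main__":
    # 1. Same key, same nonce, same offset: every keystream byte is reused.
    c1 = encrypt(KEY, NONCE, 0, P1)
    c2 = encrypt(KEY, NONCE, 0, P2)
    leak = overlapping_xor(c1, 0, c2, 0)
    print("full reuse leaks p1^p2:", leak == xor(P1, P2))
    print("crib ' THE ' hits:", crib_drag(leak, b" THE "))

    # 2. Same key and nonce, second message 40 bytes further into the stream:
    #    the streams still overlap, and the overlap is a two-time pad.
    c3 = encrypt(KEY, NONCE, 40, P2)
    print("overlap found at:", find_overlap(c1, c3, b" CONFIRM ", 64))

    # 3. A fresh, non-repeating nonce (a counter is enough) gives unrelated streams.
    c4 = encrypt(KEY, (1).to_bytes(8, "big"), 0, P2)
    print("distinct nonce leaks p1^p2:", overlapping_xor(c1, 0, c4, 0) == xor(P1, P2))
```

The crib-drag hits come out of p1 ^ p2 alone; the key never enters, which is why a repeated (key, nonce, offset) is fatal regardless of how strong the PRNG is. In case 3 the two keystreams are independent, so the XOR of the ciphertexts reveals nothing about the plaintexts.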