4

As far as I understand:

  • The primary disadvantage associated with stream ciphers is the need for a random and unique key for each run in order to protect against reused-key attacks.
  • OFB/CFB/CTR block cipher modes turn the cipher into a stream cipher. Again, the IV/nonce should be random and unique.

What's the advantage of using the aforementioned block cipher modes over using a regular stream cipher (even though the latter would probably be faster)?

krkhan

1 Answer

6

There is no real advantage, other than the fact that it allows you to convert a block cipher into a stream cipher securely. Since there has been a large amount of research put into block ciphers and ciphers such as AES are commonly implemented in hardware (such as AES-NI), it allows for reuse of the primitives.

Side note: the nonce generally does not need to be random to be secure, it just needs to be unique. Since it will be irreversibly and unpredictably permuted by the block cipher it can be predictable unlike an IV, but a nonce reuse is significantly more devastating than an IV reuse.

Iburi Noc
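
To illustrate the answer's side note, here is an added example (not part of the original post): CTR mode with a predictable message counter as the nonce, and what a repeated nonce exposes. It assumes HMAC-SHA256 as a stand-in for the block cipher so that it runs with only the standard library (CTR uses only the forward direction of the primitive); all names, the key and the messages are constructed.

```python
import hashlib
import hmac

BLOCK = 16  # keystream block size in bytes (AES-sized)

def prf_block(key, nonce, counter):
    # Stand-in for E_k(nonce || counter): HMAC-SHA256 truncated to one block.
    # Assumption for this demo; a real deployment would use AES here.
    msg = nonce + counter.to_bytes(8, "big")
    return hmac.new(key, msg, hashlib.sha256).digest()[:BLOCK]

def ctr_xor(key, nonce, data):
    # Encryption and decryption are the same operation: XOR with the keystream.
    if len(nonce) != 8:
        raise ValueError("nonce must be 8 bytes")
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = prf_block(key, nonce, i // BLOCK)
        out.extend(b ^ k for b, k in zip(data[i:i + BLOCK], ks))
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class CounterNonceEncryptor:
    """Uses a message counter as the nonce: predictable, but never repeated."""
    def __init__(self, key):
        self._key = key
        self._next = 0

    def encrypt(self, plaintext):
        nonce = self._next.to_bytes(8, "big")
        self._next += 1  # uniqueness is enforced here, not by randomness
        return nonce, ctr_xor(self._key, nonce, plaintext)

def demo():
    key = bytes(range(32))              # constructed sample key
    p1 = b"transfer 100 to account A"   # constructed sample messages
    p2 = b"transfer 999 to account B"
    enc = CounterNonceEncryptor(key)
    (n1, c1), (n2, c2) = enc.encrypt(p1), enc.encrypt(p2)
    # Distinct nonces: the two keystreams differ, so the XOR reveals nothing.
    unique_leaks = xor(c1, c2) == xor(p1, p2)
    # Same nonce twice: same keystream, so ciphertext XOR equals plaintext XOR.
    r1, r2 = ctr_xor(key, n1, p1), ctr_xor(key, n1, p2)
    reuse_leaks = xor(r1, r2) == xor(p1, p2)
    return unique_leaks, reuse_leaks
```

`demo()` returns `(False, True)`: with counter nonces the ciphertexts are unrelated, while a repeated nonce cancels the keystream and leaves the XOR of the two plaintexts.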