
Media Encryption

For the media streams, the processor should be concerned with generating and processing the media, not with encryption. Thus the encryption should be low cost. Fortunately, both DES and IDEA are fast encryption technologies, and data, audio and video can be encrypted in real-time on an ordinary processor nowadays.

Session keys have to be human readable to allow people to type them in. However, the entropy (the randomness) of the session keys is then badly compromised, since the keys tend to come from real words. To increase the distribution of keys over the space of possible keys, most applications generate the actual session key from the input string by running a hash function, such as the MD5 digest function, over it. Whilst this doesn't increase security, it requires attackers to compute an MD5 of every string they want to try.
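The following is an added example, not code from the original page or from any Mbone application: it derives a session key from a typed string with MD5 and shows that the set of reachable keys is no larger than the set of strings people choose from. The UTF-8 encoding, the use of the full 16-byte digest as the key, the function names and the constructed wordlist are all assumptions made for illustration.

```python
import hashlib
import math

# Constructed sample wordlist standing in for the "real words" people type in.
WORDLIST = ["mbone", "seminar", "lecture", "multicast",
            "conference", "secret", "london", "video"]


def derive_session_key(passphrase: str) -> bytes:
    """Hash the typed string with MD5; the 16-byte digest is used as the key.

    Assumption: UTF-8 encoding and no other canonicalisation of the input.
    """
    return hashlib.md5(passphrase.encode("utf-8")).digest()


def effective_key_bits(candidates: int) -> float:
    """Upper bound on key entropy when every key comes from one of
    `candidates` equally likely input strings."""
    return math.log2(candidates)


def weak_key_table(words):
    """Map each derived key back to the word that produced it.

    Building this costs exactly one MD5 per candidate string, which is the
    only extra work the hashing step imposes on someone guessing keys.
    """
    return {derive_session_key(w): w for w in words}


def audit_passphrase(passphrase: str, words=WORDLIST):
    """Return the matching word if the derived key is reachable from the
    wordlist (i.e. the passphrase should be rejected), otherwise None."""
    return weak_key_table(words).get(derive_session_key(passphrase))


if __name__ == "__main__":
    for word in WORDLIST[:3]:
        # Digests look evenly spread over the 128-bit space...
        print(f"{word:10s} -> {derive_session_key(word).hex()}")
    # ...but only len(WORDLIST) distinct keys can ever occur.
    print("distinct keys      :", len(weak_key_table(WORDLIST)))
    print("effective key bits :", effective_key_bits(len(WORDLIST)), "of 128")
    print("audit 'seminar'    :", audit_passphrase("seminar"))
    print("audit 'q7#Lw0zR!e' :", audit_passphrase("q7#Lw0zR!e"))
```

The same audit can be run at key-entry time against a larger wordlist to reject session keys whose entropy is bounded by that list.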

At which point in the protocol stack to encrypt is yet to be determined - until the IP security architecture described is in place, the current Mbone applications will use the ad hoc approach to encryption discussed in RTP.



 
Jon CROWCROFT
1998-12-03