I was wondering how secure the following algorithm would be for phone calls: suppose that at the beginning of each session, the random key is traded using RSA or some other very secure approach. The key is a *random bit width*, say 100-6000 bits. Now, my question is, I wonder if some very cheap algorithms, in terms of computation time, could be used for the "on the fly" encryption of the voice using those bits. Would XOR with the pad be totally out of line?
The situation is such that trivial algorithms such as XOR with *unlimited cyphertext* can be broken quite trivially. But it seems to me this dogma that "XOR is WEAK" is based on the premise that you have a huge amount of cyphertext to play with. Take away this premise, that you have a session key that is guaranteed to really give you very little cyphertext, do these supposedly "weak" algorithms then become pretty secure?
No, XOR is weak if used even twice. If you XOR the two pieces of cyphertext with each other, you get the two plaintexts XORed. I'd be willing to bet that the human ear can understand two audio signals XORed. Certainly with practice people can understand audio that has been encrypted with frequency inversion. Pre-encryption compression would solve this, but XOR is still very weak.
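The cancellation described in the reply, as an added example that is not code from either poster. It assumes 8 kHz, 8-bit PCM with sine tones as constructed stand-ins for voice, uses hypothetical function names, and goes one step beyond the reply by also covering a single call that runs longer than the pad.

```python
import math
import secrets

RATE = 8000  # assumed format: 8 kHz, 8-bit unsigned PCM (one byte per sample)

def tone(freq_hz, n):
    """Constructed stand-in for voice: n samples of a sine wave."""
    return bytes(int(127.5 + 127 * math.sin(2 * math.pi * freq_hz * i / RATE))
                 for i in range(n))

def xor_bytes(a, b):
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def xor_with_pad(data, pad):
    """The scheme from the question: XOR with the pad, repeated as needed."""
    return bytes(b ^ pad[i % len(pad)] for i, b in enumerate(data))

def pad_seconds(key_bits):
    """Seconds of audio covered by one pass of the pad at the assumed format."""
    return (key_bits // 8) / RATE

def two_messages(key_bits=6000):
    """Two frames under the same pad: c1 ^ c2 equals p1 ^ p2, pad gone."""
    pad = secrets.token_bytes(key_bits // 8)
    p1, p2 = tone(440, len(pad)), tone(1000, len(pad))
    c1, c2 = xor_with_pad(p1, pad), xor_with_pad(p2, pad)
    return xor_bytes(c1, c2) == xor_bytes(p1, p2)

def one_long_call(key_bits=6000, seconds=1):
    """One stream longer than the pad: XOR the ciphertext with itself
    shifted by the pad length (assumed known here) and the pad cancels."""
    pad = secrets.token_bytes(key_bits // 8)
    plain = tone(440, RATE * seconds)
    cipher = xor_with_pad(plain, pad)
    shifted = xor_bytes(cipher, cipher[len(pad):])  # ciphertext only
    return shifted == xor_bytes(plain, plain[len(pad):])

if __name__ == "__main__":
    print(pad_seconds(6000), two_messages(), one_long_call())
```

At the assumed format, even the largest key in the question's range covers under a tenth of a second of audio before it has to repeat.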