encryption cryptography block-cipher stream-cipher

AES-CTR mode (streaming-like encryption): a 1 bit change in plaintext changes 1 bit in ciphertext?


From what I understand, in a stream cipher (or AES CTR mode) the key is actually being encrypted using the IV (or in general, from key K we produce pseudo-random bytes). Then, we use this key to encrypt the plaintext using XOR.

But from what I understand, assuming that the same key K is being used, a change of one bit in the plaintext changes only 1 bit in the ciphertext.

Am I right, or did I get it totally wrong?

And if I am right, isn't it less secure than CBC? (Because in CBC a change of one bit in the plaintext changes all the bits in the ciphertext from the point of the change and on.)

Thanks !!!


Solution

  • Apparently, the CTR mode violates Shannon's diffusion principle, since changing a bit in the plaintext only changes a bit in the output. However, this is only part of the story. In fact, you also have to change the IV for each message. Therefore many bits will change in the following message even if you change only a single bit in the plaintext or even if the message remains the same.

    On the other hand, if you are concerned with malicious modification of messages, neither CTR nor CBC are safe against those attacks and, as @GregS said, you should use authenticated encryption modes such as CCM, GCM, or EAX.
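
The behaviour discussed in the question and answer above, as an added example that is not part of the original post. It assumes HMAC-SHA256 as a standard-library stand-in for the AES block function in counter mode and an encrypt-then-MAC tag as a stand-in for an authenticated mode such as GCM; all function names and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import os

def keystream(key, nonce, length):
    # Stand-in for AES-CTR (assumption): block i = HMAC-SHA256(key, nonce || i).
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]

def ctr_xor(key, nonce, data):
    # CTR encryption and decryption are the same XOR with the keystream.
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def flip_bit(data, bit):
    out = bytearray(data)
    out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def bit_diff(a, b):
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b))

def tag_for(mac_key, nonce, ct):
    # Encrypt-then-MAC tag, standing in for an AEAD mode's tag (assumption).
    return hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ct, tag):
    if not hmac.compare_digest(tag_for(mac_key, nonce, ct), tag):
        raise ValueError("authentication failed")
    return ctr_xor(enc_key, nonce, ct)

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    n1, n2 = os.urandom(16), os.urandom(16)
    msg = b"constructed sample message: transfer 100 units"
    msg2 = flip_bit(msg, 5)                                  # one plaintext bit changed
    ct = ctr_xor(enc_key, n1, msg)
    same_nonce = bit_diff(ct, ctr_xor(enc_key, n1, msg2))    # the question's case
    fresh_nonce = bit_diff(ct, ctr_xor(enc_key, n2, msg2))   # the answer's case
    tampered = flip_bit(ct, 5)                               # ciphertext altered in transit
    silent_change = ctr_xor(enc_key, n1, tampered) == msg2   # plain CTR accepts it
    try:
        open_sealed(enc_key, mac_key, n1, tampered, tag_for(mac_key, n1, ct))
        rejected = False
    except ValueError:
        rejected = True
    return same_nonce, fresh_nonce, silent_change, rejected
```

`demo()` returns the number of differing ciphertext bits with a reused nonce and with a fresh nonce, whether unauthenticated CTR decrypted the altered ciphertext without complaint, and whether the tag check rejected it.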