diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index 93a799f4f..36becd981 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -39,6 +39,7 @@ set(keepassx_SOURCES
     crypto/SymmetricCipherGcrypt.cpp
     crypto/SymmetricCipherSalsa20.cpp
     format/KeePass2.h
+    format/KeePass2RandomStream.cpp
     format/KeePass2Reader.cpp
     format/KeePass2Writer.cpp
     format/KeePass2XmlReader.cpp
diff --git a/src/format/KeePass2RandomStream.cpp b/src/format/KeePass2RandomStream.cpp
new file mode 100644
index 000000000..fc246a784
--- /dev/null
+++ b/src/format/KeePass2RandomStream.cpp
@@ -0,0 +1,79 @@
+/*
+ *  Copyright (C) 2010 Felix Geyer <debfx@fobos.de>
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 or (at your option)
+ *  version 3 of the License.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "KeePass2RandomStream.h"
+
+#include "format/KeePass2.h"
+#include "crypto/CryptoHash.h"
+
+KeePass2RandomStream::KeePass2RandomStream(QByteArray key)
+    : m_cipher(SymmetricCipher::Salsa20, SymmetricCipher::Stream, SymmetricCipher::Encrypt,
+          CryptoHash::hash(key, CryptoHash::Sha256), KeePass2::INNER_STREAM_SALSA20_IV)
+    , m_offset(0)
+{
+}
+
+QByteArray KeePass2RandomStream::randomBytes(int size)
+{
+    QByteArray result;
+
+    int bytesRemaining = size;
+
+    while (bytesRemaining > 0) {
+        if (m_buffer.size() == m_offset) {
+            loadBlock();
+        }
+
+        int bytesToCopy = qMin(bytesRemaining, m_buffer.size() - m_offset);
+        result.append(m_buffer.mid(m_offset, bytesToCopy));
+        m_offset += bytesToCopy;
+        bytesRemaining -= bytesToCopy;
+    }
+
+    return result;
+}
+
+QByteArray KeePass2RandomStream::process(const QByteArray& data)
+{
+    QByteArray randomData = randomBytes(data.size());
+    QByteArray result;
+    result.resize(data.size());
+
+    for (int i=0; i<data.size(); i++) {
+        result[i] = data[i] ^ randomData[i];
+    }
+
+    return result;
+}
+
+void KeePass2RandomStream::processInPlace(QByteArray& data)
+{
+    QByteArray randomData = randomBytes(data.size());
+
+    for (int i=0; i<data.size(); i++) {
+        data[i] = data[i] ^ randomData[i];
+    }
+}
+
+void KeePass2RandomStream::loadBlock()
+{
+    Q_ASSERT(m_offset == m_buffer.size());
+
+    m_buffer.fill('\0', m_cipher.blockSize());
+    m_cipher.processInPlace(m_buffer);
+    m_offset = 0;
+}
diff --git a/src/format/KeePass2RandomStream.h b/src/format/KeePass2RandomStream.h
new file mode 100644
index 000000000..a1aa7944f
--- /dev/null
+++ b/src/format/KeePass2RandomStream.h
@@ -0,0 +1,41 @@
+/*
+ *  Copyright (C) 2010 Felix Geyer <debfx@fobos.de>
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 or (at your option)
+ *  version 3 of the License.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef KEEPASSX_KEEPASS2RANDOMSTREAM_H
+#define KEEPASSX_KEEPASS2RANDOMSTREAM_H
+
+#include <QtCore/QByteArray>
+
+#include "crypto/SymmetricCipher.h"
+
+class KeePass2RandomStream
+{
+public:
+    KeePass2RandomStream(QByteArray key);
+    QByteArray randomBytes(int size);
+    QByteArray process(const QByteArray& data);
+    void processInPlace(QByteArray& data);
+
+private:
+    void loadBlock();
+
+    SymmetricCipher m_cipher;
+    QByteArray m_buffer;
+    int m_offset;
+};
+
+#endif // KEEPASSX_KEEPASS2RANDOMSTREAM_H
diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
index f35637e29..2423e4b81 100644
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@@ -114,3 +114,5 @@ add_unit_test(NAME testcryptohash SOURCES TestCryptoHash.cpp MOCS TestCryptoHash
 add_unit_test(NAME testsymmetriccipher SOURCES TestSymmetricCipher.cpp MOCS TestSymmetricCipher.h LIBS ${TEST_LIBRARIES})
 
 add_unit_test(NAME testhashedblockstream SOURCES TestHashedBlockStream.cpp MOCS TestHashedBlockStream.h LIBS ${TEST_LIBRARIES})
+
+add_unit_test(NAME testkeepass2randomstream SOURCES TestKeePass2RandomStream.cpp MOCS TestKeePass2RandomStream.h LIBS ${TEST_LIBRARIES})
diff --git a/tests/TestKeePass2RandomStream.cpp b/tests/TestKeePass2RandomStream.cpp
new file mode 100644
index 000000000..58a246642
--- /dev/null
+++ b/tests/TestKeePass2RandomStream.cpp
@@ -0,0 +1,74 @@
+/*
+ *  Copyright (C) 2010 Felix Geyer <debfx@fobos.de>
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 or (at your option)
+ *  version 3 of the License.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "TestKeePass2RandomStream.h"
+
+#include "crypto/CryptoHash.h"
+#include "crypto/SymmetricCipher.h"
+#include "format/KeePass2.h"
+#include "format/KeePass2RandomStream.h"
+
+#include <QtTest/QTest>
+
+void TestKeePass2RandomStream::test()
+{
+    const QByteArray key("\x11\x22\x33\x44\x55\x66\x77\x88");
+    const int SIZE = 128;
+
+
+    SymmetricCipher cipher(SymmetricCipher::Salsa20, SymmetricCipher::Stream, SymmetricCipher::Encrypt,
+                           CryptoHash::hash(key, CryptoHash::Sha256), KeePass2::INNER_STREAM_SALSA20_IV);
+
+    const QByteArray data(QByteArray::fromHex("601ec313775789a5b7a7f504bbf3d228f443e3ca4d62b59aca84e990cacaf5c5"
+                                              "2b0930daa23de94ce87017ba2d84988ddfc9c58db67aada613c2dd08457941a6"
+                                              "1abc932417521ca24f2b0459fe7e6e0b090339ec0aa6faefd5ccc2c6f4ce8e94"
+                                              "1e36b26bd1ebc670d1bd1d665620abf74f78a7f6d29809585a97daec58c6b050"));
+
+    QByteArray cipherPad;
+    cipherPad.fill('\0', SIZE);
+    cipher.processInPlace(cipherPad);
+
+    QByteArray cipherData;
+    cipherData.resize(SIZE);
+
+    for (int i=0; i<SIZE; i++) {
+        cipherData[i] = data[i] ^ cipherPad[i];
+    }
+
+
+    KeePass2RandomStream randomStream(key);
+    QByteArray randomStreamData;
+    randomStreamData.append(randomStream.process(data.mid(0, 7)));
+    randomStreamData.append(randomStream.process(data.mid(7, 1)));
+    QByteArray tmpData = data.mid(8, 12);
+    randomStream.processInPlace(tmpData);
+    randomStreamData.append(tmpData);
+    randomStreamData.append(randomStream.process(data.mid(20, 44)));
+    randomStreamData.append(randomStream.process(data.mid(64, 64)));
+
+
+    SymmetricCipher cipherEncrypt(SymmetricCipher::Salsa20, SymmetricCipher::Stream, SymmetricCipher::Encrypt,
+                                  CryptoHash::hash(key, CryptoHash::Sha256), KeePass2::INNER_STREAM_SALSA20_IV);
+    QByteArray cipherDataEncrypt = cipherEncrypt.process(data);
+
+
+    QCOMPARE(randomStreamData.size(), SIZE);
+    QCOMPARE(cipherData, cipherDataEncrypt);
+    QCOMPARE(randomStreamData, cipherData);
+}
+
+QTEST_MAIN(TestKeePass2RandomStream);
diff --git a/tests/TestKeePass2RandomStream.h b/tests/TestKeePass2RandomStream.h
new file mode 100644
index 000000000..d27734f85
--- /dev/null
+++ b/tests/TestKeePass2RandomStream.h
@@ -0,0 +1,31 @@
+/*
+ *  Copyright (C) 2010 Felix Geyer <debfx@fobos.de>
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation, either version 2 or (at your option)
+ *  version 3 of the License.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef KEEPASSX_TESTKEEPASS2RANDOMSTREAM_H
+#define KEEPASSX_TESTKEEPASS2RANDOMSTREAM_H
+
+#include <QtCore/QObject>
+
+class TestKeePass2RandomStream : public QObject
+{
+    Q_OBJECT
+
+private Q_SLOTS:
+    void test();
+};
+
+#endif // KEEPASSX_TESTKEEPASS2RANDOMSTREAM_H