We propose a comprehensive and efficient optical-cryptographic encryption scheme to improve the security of vulnerable optical encryption systems. Based on cryptography theory, we increase data protection using diffusion-confusion processes acting in the input and output of the optical encryption scheme. The new enhanced ciphertext has attributes of a one-way function that is easy to achieve but almost impossible to revert without the correct random phase masks used for diffusion-confusion operations. Despite the straightforward design, combining optical, cryptographic, and chaos methods increases the number of encryption-decryption keys raising two significant concerns. First, the management and transmission of several keys carry a high storage footprint, and second, it impairs the optical high-speed information processing capability. We overcome these two drawbacks by applying a new optical keystream synthesizer based on the stochastic speckle nature and a maximum entropy constraint in a forward-backward propagation algorithm. This new approach quickly replicates the necessary keystream in the encryption-decryption stations offering higher security and efficiency than other reported systems. We validate the feasibility of this proposal by synthesizing an experimental keystream and performing 24-bit data encryption-decryption. Then, we verify the security improvement of two vulnerable cryptosystems and their robustness against cryptanalysis attacks. Finally, we perform experimental encryption-decryption.