Re: [remailer] OFB, CFB modes
- Tom Ritter
- 2013-01-15 @ 12:33
On 1/15/2013 4:29 AM, Yuri Nahum wrote:
> Hey Guys,
> I think you all know the OFB or CFB modes for block ciphers. My problem
> is that sometimes in the definition, there is a shift register and not
> all bits are XORed with the plaintext, but just j of them. At other
> times, there is no such thing.
> For example, in Wikipedia and Cryptography Engineering from Schneier,
> there is no shift register. In Applied Cryptography from Schneier, and
> the Handbook of Applied Cryptography from Vanstone, Menezes, Oorschot,
> there is a shift register.
Yes. In the NIST pub this is referred to as the "Segment Size" denoted by s.
> Does the shift add any security-relevant attributes or is it just there,
> so that developers can more easily drop some bugs? Which is the
> "correct" version, if there is such a thing?
As I understand it, it is basically a customizable parameter that can be
tweaked for specific implementations. Choosing your segment size can
eliminate the need for padding to the end of a block - since the block
size is now in your control. As an example of this, both PyCrypto and
mcrypt (PHP) operate with an 8-bit segment size, so it can encrypt any
number of bytes without requiring padding, since the input will always be
a multiple of 1 byte. I don't know if there's a 'most common' or
'correct' version. I remember seeing segment size of 128 (to match the
block ciphers it was implemented with) and obviously 8.
My understanding may be wrong. You may also want to ask on the randombit
crypto mailing list. Remember to authenticate your ciphertext!
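The segment-size parameter discussed in this thread, shown as an added example that is not part of the original messages: CFB with a configurable segment size s, making the shift register explicit and showing why s = 8 takes any byte length while s = 128 needs whole blocks. `block_encrypt` is a hypothetical HMAC-based stand-in for a real block cipher, s is restricted to multiples of 8 bits, and the key, IV and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes (128 bits)

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # ASSUMPTION: keyed-PRF stand-in for a real block cipher such as AES; CFB only
    # uses the forward direction, so it shows the mechanics. Not for protecting data.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def cfb(key: bytes, iv: bytes, data: bytes, segment_bits: int, decrypt: bool = False) -> bytes:
    """CFB with an s-bit segment (s a multiple of 8 here, for byte handling)."""
    if segment_bits % 8 or not 8 <= segment_bits <= BLOCK * 8:
        raise ValueError("segment size must be a multiple of 8 in 8..128")
    if len(iv) != BLOCK:
        raise ValueError("IV must be one block long")
    s = segment_bits // 8
    if len(data) % s:
        raise ValueError("input length must be a multiple of the segment size")
    shift_reg, out = iv, bytearray()
    for i in range(0, len(data), s):
        segment = data[i:i + s]
        # Only the leftmost s bytes of the cipher output are XORed in.
        keystream = block_encrypt(key, shift_reg)[:s]
        result = bytes(a ^ b for a, b in zip(segment, keystream))
        ct_segment = segment if decrypt else result
        # Shift register: drop the leftmost s bytes, append the ciphertext segment.
        shift_reg = shift_reg[s:] + ct_segment
        out += result
    return bytes(out)

def demo() -> dict:
    key, iv = bytes(range(16)), bytes(16)        # constructed sample values
    msg = b"21-byte sample input!"               # not a multiple of 16 bytes
    c8 = cfb(key, iv, msg, 8)                    # s = 8: any byte length works
    try:
        cfb(key, iv, msg, 128)                   # s = 128: whole blocks only
        needs_padding = False
    except ValueError:
        needs_padding = True
    full = msg.ljust(32, b"\x00")                # padded to two blocks
    c8_full, c128_full = cfb(key, iv, full, 8), cfb(key, iv, full, 128)
    return {
        "roundtrip_8": cfb(key, iv, c8, 8, decrypt=True) == msg,
        "roundtrip_128": cfb(key, iv, c128_full, 128, decrypt=True) == full,
        "needs_padding_at_128": needs_padding,
        "interoperable": c8_full == c128_full,   # different s, different ciphertext
    }
```

Calling `demo()` shows that the two segment sizes are not interchangeable: both sides must agree on s, which matters when one library defaults to 8 and another to 128.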