Could you explain? I just spent days tracking down a bug because one implementation (CryptoC++) used the default, and another implementation (Python) used 1 as the default size. Given that a feature of CFB (as I understand it) is pad-free, I do not understand why the python side would produce a different result? I figured cryptographically they would be the same?
On Tuesday, November 8, 2016 at 12:03:24 AM UTC-5, Mouse wrote: > > Default feedback size for CFB should be the block size, primarily for > security reasons. For OFB - even more so. > > On Nov 7, 2016, at 23:45 , Jeffrey Walton <nolo...@gmail.com <javascript:>> > wrote: > > > > On Monday, November 7, 2016 at 1:28:24 PM UTC-5, jh...@emocha.com wrote: >> >> I just spent a while finding a bug because feedbackSize was not specified >> in my code. The >> >> CryptoPP::CFB_Mode<CryptoPP::AES>::Encryption aes(_bKey, sizeof(_bKey), _iv); >> >> should have been: >> >> CryptoPP::CFB_Mode<CryptoPP::AES>::Encryption aes(_bKey, sizeof(_bKey), _iv, >> 1); >> >> >> >> I'm wondering why the CFB_Mode Encryption and Decryption constructors >> don't automatically supply that? >> > > I believe the library uses a feedback size equal to the blocksize by > default. > > The trouble you seem to be suffering is different settings among > libraries. Others have had the trouble, too. Also see "Incorrect key size > in PHP mcrypt when porting Crypto++ AES encryption to PHP's mcrypt", > http://stackoverflow.com/q/4052594. If you have any suggestions to solve > that interoperability problem, then I'd be delighted to hear them. > > Also, be careful of OFB mode and less-than-blocksize feedback size. In OFB > mode the feedback size effectively controls the cycle length with 2^(m/2) > for a m-bit block cipher. > > Jeff > > -- > -- > You received this message because you are subscribed to the "Crypto++ > Users" Google Group. > To unsubscribe, send an email to cryptopp-user...@googlegroups.com > <javascript:>. > More information about Crypto++ and this group is available at > http://www.cryptopp.com. > --- > You received this message because you are subscribed to the Google Groups > "Crypto++ Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to cryptopp-user...@googlegroups.com <javascript:>. > For more options, visit https://groups.google.com/d/optout. > > > -- > Mobile Mouse mous...@gmail.com <javascript:> > > > > > -- -- You received this message because you are subscribed to the "Crypto++ Users" Google Group. To unsubscribe, send an email to cryptopp-users-unsubscr...@googlegroups.com. More information about Crypto++ and this group is available at http://www.cryptopp.com. --- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
