Nevermind the algorithm, I saw the second PDF. For the other readers, the algorithm in more standard variable names is:
c_i = f_K(p_i xor c_(i-1)) xor p_(i-1) IV = <p_(-1), c_(-1)> I suppose the dependency on c_(i-1) and p_(i-1) is the part that prevents the attacker from predicting and controlling the garble. -- "If you're not part of the solution, you're part of the precipitate." Unix "guru" for rent or hire -><- http://www.lightconsulting.com/~travis/ GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]