I've always wondered this about the lesser-used modes. What's special about CBC?
With CFB in particular, I think 8-bit CFB is stupid (one full block encryption per byte processed - rather computationally expensive), but n-bit CFB seems just as useful as CBC, if not more so. Specifically, I can start sending bits of C_(i-1) = IV xor P_(i-1) as soon as I feel like it, even before all of P_(i-1) is in, and it uses the same number or fewer crypts than CBC. Furthermore, it can be used to encrypt "in place" like CBC but without any special "ciphertext stealing" or other processing.

Of course I assume that integrity is handled by a completely separate mechanism that includes redundancy; anything less is snake oil.

For that matter, error extension doesn't seem to be an issue to me in most cases. Error handling should be done via a separate layer that adds redundancy to the ciphertext prior to transmission (and can do error correction, not just detection). If any error is so bad that it defeats this layer, I want to know about it (and will find out via yet another layer, an integrity/authenticity layer); it could also be a malicious attack, and unless there is bad sunspot or EMP activity the separation of duties allows me to distinguish between the two.

The exception I can see is if retransmission or delay is unacceptable and it is better to get a garbled message than none at all. This may be the case with human spies in occupied territory, or perhaps for emergency messages to a deep space probe, or such. Still, this is the Internet age and transmission errors are increasingly handled by the lower layers. Is anyone actually doing crypto with plaintext that is interpreted by humans (so they can detect and deal with garbles) over radio any more? Not many among us here I suspect.

That having been said, I can't see much in favor of OFB over CTR mode.

--
Kill dash nine, and its no more CPU time, kill dash nine, and that process is mine. -><- <URL:http://www.subspacefield.org/~travis/>
For a good time on my UBE blacklist, email [EMAIL PROTECTED]
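An added example, not part of the original post: full-block (n-bit) CFB showing the length-preserving output with no padding or ciphertext stealing, and the error extension the post mentions. The block function is a stand-in (HMAC-SHA256 truncated to 16 bytes, an assumption that works here because CFB only ever calls the cipher's forward direction); the key, IV and message used with it are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes of the stand-in cipher


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for a block cipher's forward direction (assumption, not AES).
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        keystream = block_encrypt(key, prev)
        # zip() truncates on a short final chunk, so no padding is needed.
        prev = bytes(p ^ k for p, k in zip(plaintext[i:i + BLOCK], keystream))
        out += prev  # feedback register is the ciphertext just produced
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        chunk = ciphertext[i:i + BLOCK]
        keystream = block_encrypt(key, prev)
        out += bytes(c ^ k for c, k in zip(chunk, keystream))
        prev = chunk  # decryption feeds back the received ciphertext
    return bytes(out)


def decrypt_with_error(key, iv, plaintext, byte_index, mask=0x01):
    """Encrypt, flip bits in one ciphertext byte in transit, then decrypt."""
    ct = bytearray(cfb_encrypt(key, iv, plaintext))
    ct[byte_index] ^= mask
    return cfb_decrypt(key, iv, bytes(ct))


def differing_blocks(a: bytes, b: bytes) -> list:
    """Indices of the BLOCK-sized blocks in which a and b differ."""
    return [i // BLOCK for i in range(0, len(a), BLOCK)
            if a[i:i + BLOCK] != b[i:i + BLOCK]]


if __name__ == "__main__":
    key, iv = b"K" * 16, bytes(range(16))          # constructed values
    msg = b"seventy bytes of constructed plaintext, not a multiple of sixteen.."
    garbled = decrypt_with_error(key, iv, msg, byte_index=20)
    print(len(cfb_encrypt(key, iv, msg)), differing_blocks(msg, garbled))
```

A single flipped ciphertext bit flips the same plaintext bit in its own block and garbles the whole following block, after which decryption resynchronises.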
