Earlier someone asked about comparisons between full-width CFB and CBC. They are very similar in certain ways. For example, the sequence of operations for both are the same: xor the next block of plaintext; encrypt the result; xor the next block of plaintext; encrypt the result; and so on. The difference relates to the handling of the IV and the last block; and more importantly, to where in this chain we define the output to be. For CBC the output is after the encrypt steps; for CFB the output is after the xor teps. This also implies that, except for the first and last blocks, you can transform a CBC encryption into a CFB encryption by xoring the plaintext into the ciphertext, and vice versa.
In terms of IV, CFB encrypts the IV and then xors with the first block of plaintext. CBC xors the IV with the plaintext and then encrypts. So you have a little more flexibility in terms of choosing your IV, with CFB mode. A simple counter should be good enough. However the penalty for erroneously reusing an IV is worse; it reveals the XOR of the respective plaintexts, whereas in CBC mode it will only reveal whether the plaintexts are identical. Hal Finney PGP Corporation --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]