> > You're describing 8-bit-shift CFB. The variant that shifts 64 bits at
> > a time requires no more work than straight encryption.
>
> Yes, but the problem we're currently having is that we need to be able to
> send byte-at-a-time data over a wire. If we use a 64-bit-shift CFB, we
> have exactly the same problem as using a 64-bit cipher in CFB mode.
>
> > The rule is Ciphertext[N] = Encrypt(Ciphertext[N-1]) XOR Plaintext[N].
> > Initialize with Ciphertext[-1] = IV.
The point is, the encryption layer retains a buffer of the encrypted ciphertext. This gets XORed one byte at a time into the plaintext. Only when all 8 (or 16 if AES) bytes are used up do we do another encryption of the most recent 8 bytes of ciphertext. This is how it is done in PGP.

Specifically, the encryption filter retains two buffers: encrypted ciphertext, and next block of ciphertext. As we process plaintext bytes, we XOR with the next byte from the encrypted ciphertext buffer and copy to the output, and also save into the "next ciphertext" buffer. Every 8 bytes we have filled the ciphertext buffer. We encrypt it and copy to the encrypted ciphertext buffer, and we are ready to process 8 more bytes of plaintext.

There is no need for padding in this scheme. Input and output buffers do not have to be a multiple of the block size. Essentially this is a way of turning a block cipher into a stream cipher.

Hal

_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
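The two-buffer scheme Hal describes, written out as an added example (this is not Hal's code nor PGP's or Freenet's implementation). It keeps a "keystream" buffer (the encrypted previous ciphertext block, consumed a byte at a time) and a "next ciphertext" buffer that is encrypted once 8 bytes have accumulated, so any chunking of the input produces the same output and no padding is needed. The block cipher itself is an assumption: `demo_block_encrypt` is a constructed stand-in (a keyed hash truncated to 8 bytes) because CFB only ever uses the cipher's forward direction; a real deployment would call a 64-bit block cipher's single-block encrypt here. The key, IV and message below are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 8  # block size of the underlying cipher (8 bytes, as in the 64-bit case discussed)


def demo_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in for the block cipher's encrypt-one-block operation.

    CFB never needs the cipher's inverse, so a keyed PRF truncated to BLOCK
    bytes is enough to exercise the mode. Replace with a real block cipher.
    """
    if len(block) != BLOCK:
        raise ValueError("block must be exactly BLOCK bytes")
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


class ByteCFB:
    """Full-block CFB driven one byte at a time, using the two buffers from the post.

    keystream : Encrypt(previous ciphertext block), consumed byte by byte
    next_ct   : ciphertext bytes collected for the next block encryption
    The same object serves for decryption; only the source of the ciphertext
    bytes saved into next_ct differs (input when decrypting, output when encrypting).
    """

    def __init__(self, key: bytes, iv: bytes, decrypt: bool = False):
        if len(iv) != BLOCK:
            raise ValueError("IV must be one block long")
        self.key = key
        self.decrypt = decrypt
        self.keystream = demo_block_encrypt(key, iv)  # Ciphertext[-1] = IV
        self.pos = 0                                  # bytes of keystream used so far
        self.next_ct = bytearray()

    def update(self, data: bytes) -> bytes:
        out = bytearray()
        for b in data:
            if self.pos == BLOCK:
                # A full ciphertext block has accumulated: encrypt it to obtain
                # the keystream for the next BLOCK bytes, then start collecting again.
                self.keystream = demo_block_encrypt(self.key, bytes(self.next_ct))
                self.next_ct.clear()
                self.pos = 0
            o = b ^ self.keystream[self.pos]
            self.next_ct.append(b if self.decrypt else o)
            out.append(o)
            self.pos += 1
        return bytes(out)


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes, chunk: int = 1) -> bytes:
    """Encrypt, feeding the filter `chunk` bytes at a time (default: one byte per call)."""
    enc = ByteCFB(key, iv)
    return b"".join(enc.update(plaintext[i:i + chunk]) for i in range(0, len(plaintext), chunk))


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes, chunk: int = 1) -> bytes:
    """Decrypt with the same byte-granular filter, in decrypt mode."""
    dec = ByteCFB(key, iv, decrypt=True)
    return b"".join(dec.update(ciphertext[i:i + chunk]) for i in range(0, len(ciphertext), chunk))


if __name__ == "__main__":
    # Constructed sample inputs.
    KEY = b"constructed-demo-key"
    IV = bytes(range(BLOCK))
    PT = b"byte-at-a-time over the wire, no padding needed!"
    ct = cfb_encrypt(KEY, IV, PT, chunk=1)
    print(len(PT), "plaintext bytes ->", len(ct), "ciphertext bytes")
    print("same ciphertext with 7-byte chunks:", ct == cfb_encrypt(KEY, IV, PT, chunk=7))
    print("round trip ok:", cfb_decrypt(KEY, IV, ct, chunk=3) == PT)
```

Because the keystream buffer is only refilled once all 8 bytes are consumed, a 5-byte message costs a single block encryption and produces exactly 5 ciphertext bytes; the encryption count is the same as for straight 64-bit CFB, which is the property the post relies on.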
