Hal wrote:
> This is pretty standard, really. It represents the situation where the
> "character size" is the same as the block size, which is a well defined
> case in standard CFB.

Hal is correct. The method he proposes is a common means of turning a block cipher into a "stream cipher". Similar methods exist for turning a block cipher into a hash function. This versatility of block ciphers is one of the many reasons why block ciphers are so popular. We know how to trivially build other important cryptographic primitives out of block ciphers. Which, and I hope I don't digress too far, is one of the primary reasons why NIST required the AES candidates to be block ciphers.

While I am thinking about it; I am just catching up with the traffic in the archives. Seems there was a discussion which ciphers to use in Freenet. Without taking a position, allow me to say this: every working group and standards body I am participating in, which are quite a few, that presently is facing similar decisions has come to the following conclusion: if you are still discussing which cipher to use in early May, you are not going to ship production code until AES has been chosen. The AES candidates have seen an awful amount of attention by the best there are, hence the symmetric cipher for the production version of the software will be AES. Similarly, the asymmetric cipher will be RSA, since the patent will have expired by that time (unless space/CPU constraints favor ECC, which is not the case for Freenet or perfect forward secrecy is desired, which is the case in Freenet, in which case the choice for some purposes is ephemeral DH). Not trying to stoke any fires, just trying to save some time by pointing to what is happening in similar situations.

Some may say that the AES candidates are relatively young and have not seen the years of cryptanalysis that, for example, Blowfish has seen. This is incorrect. Virtually every cryptanalyst of standing has spent the last few years doing little cryptanalysis but analyzing the AES candidates. AES is the holy grail of a cryptographer's lifetime. Nothing else comes even close.
I felt this rather intimately when it took 7 months after I reverse engineered and published GSM's A5/1 (which, if it wasn't for AES, would have been the juiciest target for cryptanalysts worldwide since DES and RSA) before a world-renowned cryptanalyst went to work on it. And the one that did finally work on A5/1 and subsequently broke it has a CV so impressive that breaking an AES candidate would have added relatively little in reputation capital.

--Lucky

_______________________________________________
Freenet-dev mailing list
Freenet-dev at lists.sourceforge.net
http://lists.sourceforge.net/mailman/listinfo/freenet-dev
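
The full-block CFB case mentioned in the message above (feedback size equal to the block size), as an added example that is not part of the original message or of Freenet's code. `toy_block_encrypt` is a constructed stand-in Feistel cipher used only to keep the example self-contained; it is an assumption of this example, not AES or any cipher discussed in the thread.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes; full-block CFB feeds back BLOCK bytes at a time


def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    """Constructed stand-in block cipher: 4-round Feistel network with
    HMAC-SHA256 as round function. For illustration only, not for real use."""
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:BLOCK // 2]
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right


def cfb_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Full-block CFB: C_i = P_i XOR E_k(C_{i-1}), with C_0 = IV."""
    out, feedback = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        keystream = toy_block_encrypt(key, feedback)
        # zip() truncates, so a short final block needs no padding
        chunk = bytes(p ^ k for p, k in zip(plaintext[i:i + BLOCK], keystream))
        out += chunk
        feedback = chunk  # the ciphertext block is the next cipher input
    return bytes(out)


def cfb_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = C_i XOR E_k(C_{i-1}); only the encrypt direction is ever called."""
    out, feedback = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        keystream = toy_block_encrypt(key, feedback)
        chunk = ciphertext[i:i + BLOCK]
        out += bytes(c ^ k for c, k in zip(chunk, keystream))
        feedback = chunk
    return bytes(out)


if __name__ == "__main__":
    key, iv = b"constructed key!", bytes(range(BLOCK))  # constructed sample values
    msg = b"constructed sample message spanning several blocks"
    ct = cfb_encrypt(key, iv, msg)
    print(len(msg), len(ct), cfb_decrypt(key, iv, ct) == msg)
```

The mode provides no integrity: a bit flipped in one ciphertext block flips the same bit in that plaintext block and garbles the next block, after which decryption resynchronizes, so it needs a separate MAC and a fresh IV per message.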
