I am just curious:
How does OpenPGP cope with 128 bit block ciphers (AES)?
The data is encrypted in CFB mode, with a CFB shift size equal to
the cipher's block size. The Initial Vector (IV) is specified as
all zeros. Instead of using an IV, OpenPGP prefixes a 10-octet
string to the data before it is encrypted. The first eight octets
are random, and the 9th and 10th octets are copies of the 7th and
Wouldn't it be better to prefix it with 16 random bytes for 128 bit
ciphers? Maybe we can remove the special CFB mode for these ciphers?
Werner