ietf-openpgp

Re: 128 bit block ciphers

1998-06-29 12:52:54
dontspam-tzeruch(_at_)ceddec(_dot_)com says:
Wouldn't it be better to prefix it with 16 random bytes for 128 bit
ciphers?  Maybe we can remove the special CFB mode for these
ciphers?

I spotted this a few months ago.  Technically the prefix should be the
blocksize plus 2 and the text should be changed everywhere (including
the long description of the reset) replacing 8 with Blocksize. 

If a dictionary-building adversary is not a big concern, then prefixing
could be abandoned in favor of a more traditional (i.e. non-zero) IV. One
advantage of it would be the ability to accommodate stream ciphers as
well. A disadvantage is: having a known (or a chosen) plaintext,
an adversary can put a few entries in his dictionary for the
given (but still unknown) key.

For that matter, what is the block size of a stream cipher?  (Applause
with the sound of one hand clapping if you can answer correctly).  Or
one that is a number of bits that is not divisible by 8? 

Since a stream cipher doesn't need an IV but definitely requires an offset
(and if you can explain the difference in format between the two, one
hand clapping for you), it would be a clear advantage to have a
non-zero IV (in clear) to accompany the encrypted data.

In that case weird questions like stream cipher blocksize could be
forgotten.

Since no listed algorithm used a different block size it wasn't an
issue (and why I will oppose adding any new ones, and am strongly 
suggesting deleting some).

Tough, but those that WILL definitely BE ADDED will be different enough
to upset your whole apple cart.

It would make sense to change the places that use "8" to Blocksize and
"10" to Blocksize+2, and do stream ciphers without any CFB (but prefix
it with either 4 or 10 bytes, the last pair being copies of the
penultimate pair).  This mod will have to be in the next version of 
the spec.

MAY I suggest that prefixing for a stream cipher is rather useless?

To add security you need an offset in a generated cryptostream. Which
(the offset) necessarily should go in the clear.

Just say MAY and nits go away.

And if your feet bother you - cut 'em off. You'll also save on shoes.
-- 
Regards,
Uri             uri(_at_)watson(_dot_)ibm(_dot_)com
-=-=-=-=-=-=-
<Disclaimer>
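The Blocksize / Blocksize+2 prefix and the feedback-register "reset" discussed in the thread, written out as an added example (my own code, not from this thread or from any OpenPGP implementation). It assumes a constructed keyed function standing in for the block cipher's forward direction, and is parameterized by block size so the same code covers 8-byte and 16-byte ciphers.

```python
import hashlib
import hmac
import os


def block_encrypt(key: bytes, block: bytes, bs: int) -> bytes:
    """Stand-in for the block cipher's forward direction. CFB only ever uses
    encryption, so any keyed function with a bs-byte output serves the demo;
    this HMAC-based PRF is a constructed placeholder, not an OpenPGP cipher."""
    return hmac.new(key, block, hashlib.sha256).digest()[:bs]


def xor(a: bytes, b: bytes) -> bytes:
    # zip() truncates to the shorter input, which handles a short final block
    return bytes(x ^ y for x, y in zip(a, b))


def openpgp_cfb_encrypt(key: bytes, plaintext: bytes, bs: int, prefix_random=None) -> bytes:
    """OpenPGP-style CFB: bs random bytes plus a copy of their last pair are
    encrypted first, then the feedback register is resynced on ciphertext
    bytes 3..bs+2 before the real plaintext starts."""
    if prefix_random is None:
        prefix_random = os.urandom(bs)
    assert len(prefix_random) == bs
    prefix = prefix_random + prefix_random[-2:]      # bs + 2 bytes, last pair repeated
    out = bytearray()
    fr = bytes(bs)                                   # all-zero IV
    out += xor(block_encrypt(key, fr, bs), prefix[:bs])
    fr = bytes(out[:bs])
    out += xor(block_encrypt(key, fr, bs)[:2], prefix[bs:])
    fr = bytes(out[2:bs + 2])                        # the "reset" / resync step
    for i in range(0, len(plaintext), bs):
        c = xor(block_encrypt(key, fr, bs), plaintext[i:i + bs])
        out += c
        fr = c
    return bytes(out)


def openpgp_cfb_decrypt(key: bytes, ciphertext: bytes, bs: int) -> bytes:
    """Inverse of openpgp_cfb_encrypt; raises ValueError if the repeated pair
    does not match (wrong key or damaged prefix)."""
    fr = bytes(bs)
    prefix_random = xor(block_encrypt(key, fr, bs), ciphertext[:bs])
    fr = ciphertext[:bs]
    check = xor(block_encrypt(key, fr, bs)[:2], ciphertext[bs:bs + 2])
    if check != prefix_random[-2:]:
        raise ValueError("prefix check bytes mismatch")
    fr = ciphertext[2:bs + 2]                        # same resync as the encryptor
    out = bytearray()
    for i in range(bs + 2, len(ciphertext), bs):
        c = ciphertext[i:i + bs]
        out += xor(block_encrypt(key, fr, bs), c)
        fr = c
    return bytes(out)
```

Changing only `bs` is what the thread's "replace 8 with Blocksize" amounts to; the ciphertext grows by exactly bs + 2 bytes over the plaintext in either case.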
