On Mon, 29 Jun 1998, Uri Blumenthal wrote:
It would make sense to change the places that use "8" to Blocksize and
"10" to Blocksize+2, and do stream ciphers without any CFB (but prefix
it with either 4 or 10 bytes, the last pair being copies of the
penultimate pair). This mod will have to be in the next version of
the spec.
MAY I suggest that prefixing for a stream cipher is rather useless?
To add security you need an offset in a generated cryptostream. Which
(the offset) necessarily should go in the clear.
The problem is there is no other way to determine if a key is correct than
to match the final pairs of bytes in the prefix. It adds no security, but
without any means of checksumming the symmetrically encrypted ESKs, you
can't tell which of the passphrases actually match. I suggested adding a
checksum to the SKESK, but that was shot down. So you require a checksum
like mechanism in the cryptostream. The simplest is to do the same type
that the existing CFB system uses.
--- reply to tzeruch - at - ceddec - dot - com ---