ietf-openpgp

Re: 128 bit block ciphers

1998-06-29 17:30:22
On Mon, 29 Jun 1998, Jon Callas wrote:

At 02:38 PM 6/29/98 -0400, dontspam-tzeruch(_at_)ceddec(_dot_)com wrote:

   I spotted this a few months ago.  Technically the prefix should be the
   blocksize plus 2 and the text should be changed everywhere (including the
   long description of the reset) replacing 8 with Blocksize.  I have these
   as #defines in my implementation but they are likely to become variables,
   so I was ready for this.

I'm willing to do this -- replacing 8 with Blocksize, and 10 with
Blocksize+2. It's an easy enough change that provides a lot of clarification.

This will be hard to get right.  There are a lot of places and I don't
think I found them all when I looked at it which is one of the reasons I
didn't suggest the change although I think I posted a note asking about
different block sizes.  The whole example at the end presupposes an 8 byte
block size.

   For that matter, what is the block size of a stream cipher?  (Applause
   with the sound of one hand clapping if you can answer correctly).  Or one
   that is a number of bits that is not divisible by 8? 

The blocksize of a stream cypher is 1/8 octet. Octet-level stream cyphers
(like RC4) can also be thought of as an 8-bit block cypher. Really.

Can be.  But it is simpler to pretend that they are 8 octet from an
implementor's point of view and this should not compromise security.  This
has not come up yet - how do you resynch with single bytes?

The worst questions aren't those without an answer, they are the questions
with several correct answers.

   It would make sense to change the places that use "8" to Blocksize and
   "10" to Blocksize+2, and do stream ciphers without any CFB (but prefix it
   with either 4 or 10 bytes, the last pair being copies of the penultimate
   pair).  This mod will have to be in the next version of the spec.
   
I'm willing to do this.

This version or next version?  For this version I would leave a note that
the CFB is going to change as I noted above - as I pointed out, all
current algorithms happen to use 8 byte blocks.  The next version should
define this correctly though.  I think I can interoperate with everything
wk is doing, so if he adds something we can verify that we both do it the
same way until work on 1.1 starts.

(is this final call or not?  Far less drastic and complex changes are
being rejected).

--- reply to tzeruch - at - ceddec - dot - com ---
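
The substitution discussed in this thread (8 becomes Blocksize, 10 becomes Blocksize+2), as an added example that is not code from the thread or from any participant's implementation: the OpenPGP CFB prefix, check octets and resync step with the block size as a variable. It assumes the all-zero IV and the resync on ciphertext octets 3 through Blocksize+2 of the OpenPGP CFB description; `toy_encrypt`, `cfb`, `pgp_cfb`, `demo` and `MAX_BS` are hypothetical names, and `toy_encrypt` is a constructed, insecure stand-in for a real block cipher.

```c
#include <string.h>
#define MAX_BS 32
typedef unsigned char u8;
/* Constructed stand-in for a block cipher's encrypt direction; NOT secure. */
static void toy_encrypt(const u8 *key, const u8 *in, u8 *out, size_t bs) {
    u8 acc = 0x5a;
    for (size_t i = 0; i < bs; i++) out[i] = acc = (u8)(acc * 31 + (in[i] ^ key[i % 16]) + i);
}

/* Plain CFB over len octets; fr is the feedback register (FR). */
static void cfb(const u8 *key, u8 *fr, size_t bs, const u8 *in, u8 *out, size_t len, int dec) {
    u8 fre[MAX_BS];
    for (size_t off = 0; off < len; off += bs) {
        size_t n = len - off < bs ? len - off : bs;
        toy_encrypt(key, fr, fre, bs);
        for (size_t i = 0; i < n; i++) {
            out[off + i] = in[off + i] ^ fre[i];
            fr[i] = dec ? in[off + i] : out[off + i];   /* feed back ciphertext */
        }
    }
}

/* in = prefix (bs+2 octets) + body, no overlap with out. 0 ok, -1 bad sizes, -2 check octets differ. */
int pgp_cfb(const u8 *key, size_t bs, const u8 *in, u8 *out, size_t total, int dec) {
    u8 fr[MAX_BS] = {0};                              /* all-zero IV */
    const u8 *ct = dec ? in : out;
    if (bs < 2 || bs > MAX_BS || total < bs + 2) return -1;
    cfb(key, fr, bs, in, out, bs, dec);               /* Blocksize random octets */
    cfb(key, fr, bs, in + bs, out + bs, 2, dec);      /* the two repeated octets */
    memcpy(fr, ct + 2, bs);                           /* resync: FR = C[2..Blocksize+1] */
    cfb(key, fr, bs, in + bs + 2, out + bs + 2, total - bs - 2, dec);
    return (dec && (out[bs] != out[bs - 2] || out[bs + 1] != out[bs - 1])) ? -2 : 0;
}

/* Constructed round trip; flip != 0 corrupts one check octet before decrypting. */
int demo(size_t bs, int flip) {
    static const u8 key[16] = "constructed-key";
    u8 pt[MAX_BS + 2 + 19], ct[sizeof pt], back[sizeof pt];
    if (bs < 2 || bs > MAX_BS) return -1;
    for (size_t i = 0; i < bs; i++) pt[i] = (u8)(0xa7 * (i + 1)); /* fixed stand-in for random */
    pt[bs] = pt[bs - 2]; pt[bs + 1] = pt[bs - 1];     /* last pair copies the penultimate pair */
    memcpy(pt + bs + 2, "constructed message", 19);
    if (pgp_cfb(key, bs, pt, ct, bs + 21, 0) != 0) return -1;
    if (flip) ct[bs] ^= 0x01;
    int rc = pgp_cfb(key, bs, ct, back, bs + 21, 1);
    return rc ? rc : (memcmp(pt, back, bs + 21) ? -3 : 0);
}

int main(void) { return demo(8, 0) | demo(16, 0); }
```

The same code path handles 8-octet and 16-octet blocks because every offset is derived from `bs`; a hard-coded 8 or 10 anywhere in the prefix or resync handling would break the 16-octet round trip.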

