Werner Koch says:
Okay, how can we resolve this conflict:
From section 5.7:
The data is encrypted in CFB mode, with a CFB shift size equal to the
cipher's block size. The Initial Vector (IV) is specified as all
zeros. Instead of using an IV, OpenPGP prefixes a 10-octet string to
the data before it is encrypted. The first eight octets are random,
and the 9th and 10th octets are copies of the 7th and 8th octets,
respectively. After encrypting the first 10 octets, the CFB state is
resynchronized if the cipher block size is 8 octets or less. The
last 8 octets of ciphertext are passed through the cipher and the
block boundary is reset.
1. For 128-bit block ciphers shouldn't the prefix be increased to,
say, 18 bytes?
2. Shouldn't all procedures be adjusted to 16 octets for such ciphers?
From section 12.8:.........
5.7 says that resync is only done for a blocksize <= 64 but 12.8 says
that is done always (the following step by step list also says this).
I'd abandon (or fix :-) 12.8.