ietf-openpgp

Re: V3 secret keys

2006-02-02 13:54:00

On Thu, Feb 02, 2006 at 11:57:50AM -0800, Wim Lewis wrote:

> As I understand it (it's been a while...), normal CFB has no concept of
> partial block encryption except at the end of the stream.

Yes it does. The whole point of CFB is that it can encrypt arbitrary block
lengths up to the block size of the used block cipher. That is why it is
used in interactive applications.

> What I've written above is very much not the way that pgp2.6.2 thinks of
> the operation, but I'm pretty sure it's equivalent.

Right, your description is equivalent, but different from the traditional
view of CFB. I implemented CFB resynchronization based on the description in
Bruce Schneier's "Applied Cryptography", without looking into any
implementations. The result was interoperable at first attempt.

> From the comment in 2.6.2:
>
>  * Phil invented a unique way of doing CFB that's sensitive to semantic
>  * boundaries within the data being encrypted.
> [... detailed explanation snipped ... ]
>  *                                    This is equivalent to using a
>  * shorter feedback length (if you're familiar with the general CFB
>  * technique) briefly, and doesn't weaken the cipher any (using shorter
>  * CFB lengths makes it stronger, actually), it just makes it a bit unusual.

I somewhat disagree. Following semantics with block length may indeed be
PZ's innovation, but variable block length is one of the reasons why CFB has
been invented in the first place.
 
-- 
Daniel
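
The equivalence discussed in this message, as an added example (not code from PGP 2.6.2 or from either poster): full-block CFB that resynchronizes at field boundaries produces the same ciphertext as textbook shift-register CFB run with a shorter feedback length for the short segment at each boundary. Assumptions: a 64-bit block size, resynchronization modeled as reloading the feedback register with the most recent 8 ciphertext bytes, a SHA-256-based stand-in for the block cipher, and constructed key, IV and field values.

```python
import hashlib

BS = 8  # block size in bytes (64-bit block, assumed for this sketch)
KEY, IV = b"constructed key", bytes(range(BS))  # constructed sample values
FIELDS = [b"abc", b"12345678", b"thirteen byte", bytes(range(20))]  # constructed

def E(key, block):
    # Stand-in keyed function, NOT a real block cipher. CFB only ever runs
    # the cipher in the forward direction, so this is enough to show the mode.
    return hashlib.sha256(key + block).digest()[:BS]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))  # truncates to the shorter input

def cfb_shift_register(key, iv, data, seg_lens, decrypt=False):
    """Textbook CFB: a segment of n <= BS bytes shifts n ciphertext bytes
    into the feedback register."""
    sr, out, pos = iv, b"", 0
    for n in seg_lens:
        chunk = data[pos:pos + n]
        res = xor(chunk, E(key, sr))
        sr = (sr + (chunk if decrypt else res))[-BS:]  # shift in ciphertext
        out, pos = out + res, pos + n
    return out

def cfb_resync(key, iv, fields, decrypt=False):
    """Full-block CFB that, at each field boundary, reloads the register
    with the last BS bytes of ciphertext produced so far."""
    sr, out, stream = iv, b"", iv
    for field in fields:
        for i in range(0, len(field), BS):
            chunk = field[i:i + BS]
            res = xor(chunk, E(key, sr))
            sr = chunk if decrypt else res  # ordinary full-block feedback
            stream += sr
            out += res
        sr = stream[-BS:]                   # resynchronize on the boundary
    return out

def segment_lengths(fields):
    """Feedback lengths implied by resync: full blocks, then one short
    segment wherever a field does not end on a block boundary."""
    lens = []
    for f in fields:
        full, rest = divmod(len(f), BS)
        lens += [BS] * full + ([rest] if rest else [])
    return lens
```

Treating the same bytes as one unbroken field (no resynchronization) gives a different ciphertext after the first boundary, so both sides have to agree on where the boundaries fall.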
