[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Sample Twofish message
Werner Koch, <wk@xxxxxxxxxxxxxxxxx>, writes:
> hal@xxxxxxxx writes:
> > Note also that the special CFB "sync" operation (after processing these 10
> > bytes) is not to be done with block ciphers whose block size is greater
> > than 8 bytes, hence is not done for Twofish.
> Hmmm, section 5.7 states that encryption is done in PGP's special CFB
> mode and there is no exception mentioned.
> If I remember correct, we discussed this 128 bit block cipher issue
> last year and changed the draft accordingly.
The relevant paragraph from section 5.7 is:
The data is encrypted in CFB mode, with a CFB shift size equal to the
cipher's block size. The Initial Vector (IV) is specified as all
zeros. Instead of using an IV, OpenPGP prefixes a 10-octet string to
the data before it is encrypted. The first eight octets are random,
and the 9th and 10th octets are copies of the 7th and 8th octets,
respectively. After encrypting the first 10 octets, the CFB state is
resynchronized if the cipher block size is 8 octets or less. The
last 8 octets of ciphertext are passed through the cipher and the
block boundary is reset.
It only resynchronizes the CFB state if the cipher block size is 8
octets or less. Twofish has a block size of 16 octets, hence the CFB
state does not get resynchronized.