mike at halcrow.us
Mon Aug 30 19:19:20 CEST 2004
On Mon, Aug 30, 2004 at 01:04:11PM +0200, Werner Koch wrote:
> > all 0's, with random text prepended to substitute)? How does it
> > handle the very last block of plaintext, if the size of that block is
> > less than the cipher block size?
> It does not need to. A CFB stream may end at any byte without taking
> the block length in account.
So I assume that this is done by simply x'oring the first n bytes of
the last block of plaintext with the first n bytes of the last FRE?
> > And things will go a lot faster if I can just use CBC for now, so
> > please tell me GnuPG can handle that. :-)
> Well, you can define your private extensions to OpenPGP (e.g. a CBC
> variant) but an OpenPGP application may or may not be able to handle
> it. Certainly we could add this extension to GnupG if it really makes
> sense. OTOH, it ould be far easier to add a CFB mode to Linux.
It actually involves some footwork, since the kernel crypto API
currently only supports data that is a multiple of the block size. I
am currently in the process of altering that behavior.
Michael A. Halcrow
Security Software Engineer, IBM Linux Technology Center
GnuPG Fingerprint: 05B5 08A8 713A 64C1 D35D 2371 2D3C FDDA 3EB6 601D
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: not available
Url : /pipermail/attachments/20040830/465afc31/attachment.bin
More information about the Gnupg-devel