From owner-freebsd-security Thu May 4 18:20:22 2000
Delivered-To: freebsd-security@freebsd.org
Received: from alcanet.com.au (mail.alcanet.com.au [203.62.196.10])
    by hub.freebsd.org (Postfix) with ESMTP id E96D137B5B4
    for ; Thu, 4 May 2000 18:20:03 -0700 (PDT)
    (envelope-from jeremyp@gsmx07.alcatel.com.au)
Received: by border.alcanet.com.au id <116340>; Fri, 5 May 2000 11:19:51 +1000
Content-return: prohibited
From: Peter Jeremy
Subject: Re: Cryptographic dump(8)
In-reply-to: <200005042015.WAA07617@grimreaper.grondar.za>; from mark@grondar.za on Fri, May 05, 2000 at 06:16:30AM +1000
To: Mark Murray
Cc: "Andrew J. Korty" , security@FreeBSD.ORG
Message-Id: <00May5.111951est.116340@border.alcanet.com.au>
MIME-version: 1.0
X-Mailer: Mutt 1.0i
Content-type: text/plain; charset=us-ascii
References: <200005042015.WAA07617@grimreaper.grondar.za>
Date: Fri, 5 May 2000 11:17:30 +1000
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On 2000-May-05 06:16:30 +1000, Mark Murray wrote:
>> I was under the impression that the CBC mode would also propagate this
>> entry throughout the block. Must I use one of the feedback modes?
>
>Yes.

Not exactly.

> I have no hard references in front of me, but I'll put ${bodypart}
>on a block that CBC is 8-bytes-at-a-time-with-same-key-each-time.

Bzzzt. You lose (I hope you didn't set ${bodypart} to anything
important). You are thinking of ECB (Electronic Code Book): This
mode takes each block and individually encrypts it.

CBC (Cipher Block Chaining) is Cn = Ek(C(n-1) XOR Pn)
An initialisation vector (IV) is XOR'd with the first block.

CFB (Cipher feedback) is Cn = Pn XOR Ek(C(n-1))

OFB (Output feedback) is Cn = Pn XOR (Rn = Ek(R(n-1)))

As for propagation:
ECB: the output block depends on the key only.
OFB: the output block depends on the key and IV only.
CBC and CFB: the output block depends on key, IV and all preceding
    plaintext

(They all have different behaviours regarding corruption and
synchronisation - which is important if your backup tape loses
a few bits).

Peter
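
The propagation behaviour described in the message above can be checked directly. The following is an added example, not part of the original message: it implements the four mode formulas over a toy 8-byte Feistel permutation (an assumption standing in for a real block cipher), flips one plaintext bit, and reports which ciphertext blocks change. The names `ek`, `encrypt` and `changed_blocks` are hypothetical, and the key, IV and plaintext are constructed sample values.

```python
import hashlib

BS = 8  # block size in bytes, matching the 8-byte blocks in the thread

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def ek(key, block):
    """Toy 4-round Feistel permutation on one 8-byte block (NOT a real cipher)."""
    l, r = block[:4], block[4:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + r).digest()[:4]
        l, r = r, xor(l, f)
    return l + r

def blocks(data):
    return [data[i:i + BS] for i in range(0, len(data), BS)]

def encrypt(mode, key, iv, plaintext):
    out, prev = [], iv          # prev is C(n-1) for CBC/CFB, R(n-1) for OFB
    for p in blocks(plaintext):
        if mode == "ECB":
            c = ek(key, p)                      # Cn = Ek(Pn)
        elif mode == "CBC":
            c = prev = ek(key, xor(prev, p))    # Cn = Ek(C(n-1) XOR Pn)
        elif mode == "CFB":
            c = prev = xor(p, ek(key, prev))    # Cn = Pn XOR Ek(C(n-1))
        elif mode == "OFB":
            prev = ek(key, prev)                # Rn = Ek(R(n-1))
            c = xor(p, prev)                    # Cn = Pn XOR Rn
        else:
            raise ValueError(mode)
        out.append(c)
    return out

def changed_blocks(mode, flip_block=0):
    """Indices of ciphertext blocks that differ after flipping one plaintext bit."""
    key, iv = b"constructed-key", bytes(range(BS))   # constructed sample values
    pt = bytearray(b"A" * (4 * BS))                  # constructed 4-block plaintext
    before = encrypt(mode, key, iv, bytes(pt))
    pt[flip_block * BS] ^= 0x01
    after = encrypt(mode, key, iv, bytes(pt))
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]

if __name__ == "__main__":
    for m in ("ECB", "CBC", "CFB", "OFB"):
        print(m, changed_blocks(m))
```

In ECB and OFB a plaintext change stays confined to its own ciphertext block, while in CBC and CFB it alters that block and every block after it.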