Questions tagged [cfb]

Cipher Feedback Mode (CFB) is an encryption mode that builds a self-synchronizing stream cipher from a block cipher.

Cipher Feedback Mode (CFB) turns a block cipher into a stream cipher: the block cipher generates a keystream, which is XORed with the plaintext to produce the ciphertext. CFB mode feeds each ciphertext block back as the next input to the block cipher to create successive keystream blocks.

See the Wikipedia page for more information.

57 questions
15 votes, 3 answers

Is using a predictable IV with CFB mode safe or not?

While writing this answer, I noted that NIST SP 800-38A says that (emphasis mine): "For the CBC and CFB modes, the IVs must be unpredictable. In particular, for any given plaintext, it must not be possible to predict the IV that will be associated…
10 votes, 1 answer

Why is authenticated CFB mode insecure?

I read that the following adaptation of the CFB block cipher mode into an authenticated mode is prone to chosen plaintext attacks, yet I'm still unsure how to prove it: Let $P_1,P_2,\ldots P_n$ be the plaintext blocks, $C_1,C_2,\ldots C_n$ the CFB…
9 votes, 2 answers

Will varying plaintext compensate for a fixed initialisation vector?

This is a follow-up question to Relative merits of AES ECB and CBC modes for securing data at rest. I need to store encrypted Personal Account Numbers (PANs) in a database. The only encryption option I have available is CFB mode with a fixed (0x00)…
9 votes, 2 answers

Cipher Feedback Mode

I can't understand what CFB really is. It says in Wikipedia that CFB is the same as CBC, but I find that CFB is more difficult than CBC. Can someone explain to me how CFB works? Such as how the Initialization Vector (IV) works inside the encryption algorithm…
goldroger
8 votes, 2 answers

Are CFB and OFB really meant for streaming?

CFB, OFB and other modes are meant for streaming and don't require padding. Are there still limitations such as the text needs to be greater than key length?
m33lky
8 votes, 1 answer

Would an encryption-only block cipher be useful at all?

I recently implemented AES block cipher, encryption side only, to be used in QUIC parsing (QUIC uses GCM mode). There are other modes than GCM that use only encryption: for example CTR, OFB, and CFB. When implementing the AES cipher encryption side,…
juhist
7 votes, 2 answers

Is a chosen ciphertext attack on PGP still possible?

In a paper from 2002 (pdf), Jallad et al describe a chosen ciphertext attack on PGP by taking advantage of the CFB mode that the block ciphers use under PGP. It's quite a devastating attack. Is this attack still viable in 2016 or has PGP made…
Marcel
7 votes, 1 answer

Where is CFB-MAC defined?

I can find descriptions of using CFB mode to create a MAC and even implementations, but cannot find any standard or papers analyzing its security bounds. Is there a standard for CFB-MAC? Where can I find an analysis of its security bounds?
otus
6 votes, 2 answers

Keeping IV secret for AES CFB mode

I'm developing a security/encryption software and I'm using AES CFB (block size: 16 and key size: 32 bytes). I want to know, if I also keep IV (32 bytes) secret like the key itself (32 bytes), would it add to security or not? Encryption key and IV…
5 votes, 2 answers

Does CFB support random read access?

According to Wikipedia block cipher modes of operation, simplified CFB supports random read access. But what about the real CFB where we have a shift register? Below are pictures extracted from the book "Cryptography and Network Security by William…
Masoud jt
5 votes, 3 answers

Is it possible to decrypt the 2nd byte of AES-256-CFB-8 ciphertext without decrypting the 1st byte?

I am stuck with AES-CFB decryption. Assume I encrypted plaintext helloworld (10 bytes) using AES-CFB. Now I want to decrypt the second byte e individually, that is I don't want to decrypt the first bytes or any other bytes except the second one.…
ryuu
5 votes, 1 answer

Implementing 5 modes of operation with a hash function

Is it possible to implement any of the 5 modes of operation (ECB, CBC, OFB, CFB, CTR) with a hash function?
Malexc
5 votes, 1 answer

Parallelization of CFB mode encryption and decryption

While reading Evaluation of Some Blockcipher Modes of Operation by Rogaway (someone just linked it somewhere), I noticed two claims about CFB that I'm not sure I understand: Regarding whether CFB mode encryption is parallelizable the paper says (on…
otus
4 votes, 1 answer

Show number of affected blocks using CFB DES decryption of altered ciphertext

I have encrypted a file using -des -cfb and now I want to view how many blocks it contains once I decrypt it. I have done this on the Linux terminal. I know that 9 blocks will be affected if there is an error in the ciphertext. I need to show proof…
Xace
4 votes, 1 answer

What's the advantage of using OFB/CFB/CTR modes over a stream cipher

As far as I understand: The primary disadvantage associated with stream ciphers is the need for a random and unique key for each run in order to protect against reused-key attacks. OFB/CFB/CTR block cipher modes turn the cipher into a stream…
krkhan