Why no default feedbackSize for CFB mode?

14 views
Skip to first unread message

jh...@emocha.com

unread,
Nov 7, 2016, 1:28:24 PM11/7/16
to Crypto++ Users
I just spent a while finding a bug because feedbackSize was not specified in my code. The 
CryptoPP::CFB_Mode<CryptoPP::AES>::Encryption aes(_bKey, sizeof(_bKey), _iv);
should have been:
CryptoPP::CFB_Mode<CryptoPP::AES>::Encryption aes(_bKey, sizeof(_bKey), _iv, 1);


I'm wondering why the CFB_Mode Encryption and Decryption constructors don't automatically supply that?

Jeffrey Walton

unread,
Nov 7, 2016, 11:45:46 PM11/7/16
to Crypto++ Users

I believe the library uses a feedback size equal to the blocksize by default.

The trouble you seem to be suffering is different settings among libraries. Others have had the trouble, too. Also see "Incorrect key size in PHP mcrypt when porting Crypto++ AES encryption to PHP's mcrypt", http://stackoverflow.com/q/4052594. If you have any suggestions to solve that interoperability problem, then I'd be delighted to hear them.

Also, be careful of OFB mode and less-than-blocksize feedback size. In OFB mode the feedback size effectively controls the cycle length with 2^(m/2) for a m-bit block cipher.

Jeff

Mobile Mouse

unread,
Nov 8, 2016, 12:03:24 AM11/8/16
to Jeffrey Walton, Crypto++ Users
Default feedback size for CFB should be the block size, primarily for security reasons. For OFB - even more so.

-- 
-- 
You received this message because you are subscribed to the "Crypto++ Users" Google Group.
To unsubscribe, send an email to cryptopp-user...@googlegroups.com.
More information about Crypto++ and this group is available at http://www.cryptopp.com.
--- 
You received this message because you are subscribed to the Google Groups "Crypto++ Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-user...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
Mobile Mouse      mous...@gmail.com




jh...@emocha.com

unread,
Nov 18, 2016, 8:30:07 AM11/18/16
to Crypto++ Users, nolo...@gmail.com
Could you explain?

I just spent days tracking down a bug because one implementation (CryptoC++) used the default, and another implementation (Python) used 1 as the default size. Given that a feature of CFB (as I understand it) is pad-free, I do not understand why the python side would produce a different result? I figured cryptographically they would be the same?
Reply all
Reply to author
Forward
0 new messages