[Cryptography] Shortening block cipher length...

Jon Callas jon at callas.org
Mon Mar 29 18:48:17 EDT 2021



> On Mar 29, 2021, at 08:42, Phillip Hallam-Baker <phill at hallambaker.com> wrote:
> 
> The simplest clean option is to write a very simple block cipher using a key derivation function to provide a schedule of XOR masks combined with n bit rotations. That would make it easy to create a permutation algorithm for an arbitrary length bit string.
> 

What's wrong with CFB mode? There are indeed short CFB modes that let you take even one bit per block cipher iteration. Seems to me that that's not only easiest, but has security guarantees.

For that matter, what's wrong with Counter Mode?

	Jon




More information about the cryptography mailing list