According to experts, it is extremely useful but requires careful use. Misuse of a stream cipher, most often by reusing a nonce, can very easily lead to a very insecure system.

OFB is defined by:

$K_0 = IV$

$K_i = E(K, K_{i-1})$ for $i = 1, \ldots, k$

$C_i = P_i \oplus K_i$

where:

$IV$ is the Initialization Vector,

$K$ is the secret key,

$E$ is the Encryption Function,

$C_i$ is the $i$-th ciphertext block,

$P_i$ is the $i$-th plaintext block.

The IV value has to be random, or it can be generated from a nonce (a nonce is a number used only once; it can be a counter, a computed value, or taken from an image, a movie, or any other data).

Decryption is exactly the same operation as encryption.

No padding is necessary: the last plaintext block may be shorter than the cipher block size, and only that many keystream bytes are used.

Using the same IV for two different messages, and knowing one of the plaintexts (which happens more often than it seems, for example with mailing lists), makes it trivial to decrypt the other ciphertext: both messages were XORed with the same keystream, so XORing the two ciphertexts with the known plaintext yields the unknown one.

There is a risk of collision attacks on such ciphers: because each keystream block is the encryption of the previous one, the keystream from any starting point is periodic, and a collision between keystream blocks, or between a keystream block and the initial starting point (IV) of another message, makes the keystream repeat.
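The following Python example is added here and is not part of the original page. It implements the OFB definition above generically over a block cipher $E$ and a block size, and demonstrates the three points made on this page: decryption is the same operation as encryption and no padding is used; reusing an IV together with one known plaintext exposes the other plaintext; and the keystream started from any IV is periodic, so two IVs on the same cycle yield the same keystream, shifted. Because $E$ is not named on the page, the example assumes a toy Feistel network built from HMAC-SHA256 as a stand-in block cipher so that it runs offline; it is not AES and not for real use. The function names (`ofb_xcrypt`, `keystream_period`, and so on) are this example's own. The cycle demonstration goes beyond the page by using a 2-byte block, where the cycle length can actually be computed.

```python
import hashlib
import hmac
import secrets
from typing import Callable, List

BlockCipher = Callable[[bytes, bytes], bytes]  # E(K, block) -> block


# --- Stand-in block cipher (assumption, not from the page): a 4-round Feistel
# network with an HMAC-SHA256 round function. A Feistel network is a keyed
# permutation for any round function, which is all OFB needs from E.
# It is NOT AES and is used only so this example runs offline. ---------------
def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[: len(half)]


def feistel_encrypt(key: bytes, block: bytes, rounds: int = 4) -> bytes:
    """Encrypt one even-length block: each round maps (L, R) -> (R, L xor F(R))."""
    n = len(block) // 2
    left, right = block[:n], block[n:]
    for rnd in range(rounds):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round_fn(key, rnd, right)))
    return left + right


# --- OFB as defined on the page: K_0 = IV, K_i = E(K, K_{i-1}), C_i = P_i xor K_i
def ofb_keystream(E: BlockCipher, key: bytes, iv: bytes, nblocks: int) -> List[bytes]:
    """Return K_1 .. K_nblocks. Only E is ever called; no decryption function is needed."""
    k, blocks = iv, []
    for _ in range(nblocks):
        k = E(key, k)  # K_i = E(K, K_{i-1})
        blocks.append(k)
    return blocks


def ofb_xcrypt(E: BlockCipher, key: bytes, iv: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (the very same operation): XOR data with the keystream.
    The last block may be partial, so no padding is needed and len(out) == len(data)."""
    bs = len(iv)
    nblocks = (len(data) + bs - 1) // bs
    keystream = b"".join(ofb_keystream(E, key, iv, nblocks))
    return bytes(d ^ k for d, k in zip(data, keystream))


def ofb_encrypt_fresh_iv(E: BlockCipher, key: bytes, block_size: int, plaintext: bytes) -> bytes:
    """The safe pattern: a fresh random IV per message, transmitted in front of the ciphertext."""
    iv = secrets.token_bytes(block_size)
    return iv + ofb_xcrypt(E, key, iv, plaintext)


def ofb_decrypt_fresh_iv(E: BlockCipher, key: bytes, block_size: int, message: bytes) -> bytes:
    iv, ciphertext = message[:block_size], message[block_size:]
    return ofb_xcrypt(E, key, iv, ciphertext)


# --- Why IV reuse is fatal: C1 xor C2 = P1 xor P2, so one known plaintext
# exposes the other (up to the length of the shorter message).
def plaintext_from_reused_iv(c1: bytes, known_p1: bytes, c2: bytes) -> bytes:
    n = min(len(c1), len(known_p1), len(c2))
    return bytes(a ^ b ^ c for a, b, c in zip(c1[:n], known_p1[:n], c2[:n]))


# --- Keystream collisions: E(K, .) is a permutation, so every IV lies on a
# cycle and the keystream repeats after one trip around it. Two IVs on the
# same cycle produce identical keystreams, merely shifted against each other.
def keystream_period(E: BlockCipher, key: bytes, iv: bytes) -> int:
    """Number of steps until K_i == IV again. Feasible only for tiny demo block sizes."""
    k, steps = E(key, iv), 1
    while k != iv:
        k, steps = E(key, k), steps + 1
    return steps


if __name__ == "__main__":
    key = bytes(range(16))  # constructed demo key
    msg = b"meeting moved to 10:00, bring the signed copies"  # constructed, not block-aligned
    packet = ofb_encrypt_fresh_iv(feistel_encrypt, key, 16, msg)
    print("round trip ok:", ofb_decrypt_fresh_iv(feistel_encrypt, key, 16, packet) == msg)

    iv_small = b"\x00\x01"  # 2-byte block so the cycle can be walked in full
    print("keystream period from", iv_small.hex(), "is", keystream_period(feistel_encrypt, key, iv_small))
```

The two mode-level takeaways are visible in the code: `ofb_xcrypt` is used unchanged for both directions and never calls a decryption routine, and `ofb_encrypt_fresh_iv` shows the only safe way to use the same key twice, namely a fresh random IV per message carried alongside the ciphertext.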

Source: [8].

See also: Cryptographic Attacks, Block Ciphers.
