CFB, OFB and other modes are meant for streaming and don't require padding. Are there still limitations such as the text needs to be greater than key length?
2 Answers
5
CFB does require padding unless you use a segment size of 1 bit (or 8 bits if your message is byte oriented). Check Section 5.2 in NIST 800-38A:
For the CFB mode, the total number of bits in the plaintext must
be a multiple of a parameter, denoted s, that does not exceed the
block size
OFB indeed does not require any padding.
There are no other limitations on the plaintext (but read very well the requirements about Initialization Vectors!).
SquareRootOfTwentyThree
While this recommendation says CFB should be used with only full blocks/segments, I see nothing in its definition which would prohibit simply truncating the last block/segment to match the plaintext size. – Paŭlo Ebermann May 30 '12 at 11:39
True, but then you have a non-compliant CFB implementation. – SquareRootOfTwentyThree May 30 '12 at 13:53
3
These modes do indeed turn a block cipher into a stream cipher. The output will always be a multiple of the block size, but you can easily truncate the last block of output to match the plaintext size, but any size plaintext will work. In that manner, no padding is required.
mikeazo
If it simply truncates the last segment, how does it know to correctly decrypt it? I find the name for these block modes deceiving, because there's still a requirement for the data to come in 128/256 bit chunks. Think of it this way: if you get packet fragmentation during transmission you'll get a decryption error, right? – m33lky Mar 11 '12 at 02:48
Actually, just looking at the diagram at Wikipedia, there shouldn't be a decryption error, since the last step is an XOR: CFB – m33lky Mar 11 '12 at 02:59
@m33lky, since the key stream is independent of the plaintext, there will be no problems decrypting. To decrypt the last (partial) block, generate the key stream, truncate to appropriate length, and xor. – mikeazo Mar 11 '12 at 03:27
@m33lky: That is a different question, and an interesting one. – Henrick Hellström Mar 11 '12 at 07:59
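Added example (not part of the original answers or comments): OFB, full-block CFB with a truncated last segment, and CFB with an 8-bit segment, run over a 37-byte message to show that the ciphertext has the same length as the plaintext and that a truncated ciphertext still decrypts. Assumptions: `E` is a stand-in keyed function (HMAC-SHA256 truncated to 16 bytes, not AES), which is enough here because CFB and OFB only use the cipher's forward direction; the key, IV and message are constructed sample values.

```python
import hashlib
import hmac

BLOCK = 16  # block size in bytes of the stand-in cipher

def E(key, block):
    # Assumption: HMAC-SHA256 truncated to 16 bytes stands in for the block
    # cipher's forward direction (it is not AES). CFB/OFB never need the inverse.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def xor(data, stream):
    # zip() stops at the shorter input, so a short final chunk simply uses
    # the leading bytes of the keystream block: this is the "truncation".
    return bytes(d ^ s for d, s in zip(data, stream))

def ofb(key, iv, data):
    # Same function encrypts and decrypts: the keystream never sees the data.
    out, reg = b"", iv
    for i in range(0, len(data), BLOCK):
        reg = E(key, reg)
        out += xor(data[i:i + BLOCK], reg)
    return out

def cfb(key, iv, data, decrypt=False, seg=BLOCK):
    # seg is the segment size in bytes: BLOCK gives CFB-128, 1 gives CFB-8.
    out, reg = b"", iv
    for i in range(0, len(data), seg):
        chunk = data[i:i + seg]
        res = xor(chunk, E(key, reg))
        out += res
        # The shift register is always fed ciphertext, never plaintext.
        reg = (reg + (chunk if decrypt else res))[-BLOCK:]
    return out

# Constructed sample values. A real IV must be unique per message under a key;
# it is fixed here only so the run is reproducible.
KEY = b"constructed-demo-key"
IV = bytes(range(BLOCK))
MSG = b"thirty-seven bytes, not a block multiple"[:37]  # two blocks plus 5 bytes

if __name__ == "__main__":
    for name, ct in (("OFB", ofb(KEY, IV, MSG)),
                     ("CFB-128", cfb(KEY, IV, MSG)),
                     ("CFB-8", cfb(KEY, IV, MSG, seg=1))):
        print(name, len(MSG), "->", len(ct), ct.hex())
```

CFB-128 with a truncated final segment is the non-compliant variant discussed in the comments on the first answer; CFB-8 handles any byte length while staying within the segment rule quoted from NIST 800-38A.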