[PYTHON-CRYPTO] [NIST SP 800-38A] Recommendation for Block Cipher Modes of Operation
Andy Dustman
andy at DUSTMAN.NET
Mon Dec 17 19:18:49 CET 2001
I picked this up on Bruce Schneier's Crypto-Gram. There are a few modes
not covered by PEP-272 that would probably be good to add as supported
modes, even if some of them aren't widely supported in practice yet.

NIST special publication SP 800-38A, "Recommendation for Block
Cipher Modes of Operation," is also available. The initial modes
are ECB, CBC, CFB, OFB, and CTR. Other modes will be added at a
later time.

SP 800-38A:
<http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf>

http://www.counterpane.com/crypto-gram-0112.html

Incidentally, PEP-272 should probably make mention that CFB and OFB
typically have a variable segment size, and that sometimes this will be
limited by the implementation. For example, the NIST document above
specifies CFB-1, -8, and -128 for AES; but OpenSSL's IDEA implementation
only includes CFB-64.

Which raises the question: Should the segment size be a keyword
parameter to new(), i.e. AES.new(AES.CFB, key, IV, segment=128); or
should it be incorporated into the mode, i.e. AES.new(AES.CFB128, key,
IV)? If the latter, it calls into question the feedback modes table in
PEP-272. Perhaps feedback modes should be an opaque
(implementation-dependent) data type, using standardized naming.

--
Andy Dustman PGP: 0x930B8AB6
@ .net http://dustman.net/andy
You can have my keys when you pry them from my dead, cold neurons.
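
An added example, not part of the original message and not PEP-272 or any library's code: byte-aligned CFB-s as described in SP 800-38A, with the segment size taken as a keyword parameter in the style of the first option raised above. `toy_ciph`, `cfb` and the sample key, IV and plaintext are hypothetical names and constructed values; `toy_ciph` is an HMAC-based stand-in for the AES forward function, and CFB-1 is left out.

```python
import hashlib
import hmac

BLOCK = 16  # block size b in bytes (128 bits, as for AES)

def toy_ciph(key: bytes, block: bytes) -> bytes:
    """Hypothetical stand-in for the forward cipher function CIPH_K (NOT AES).
    CFB never calls the inverse cipher, so a keyed PRF is enough for a demo."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def cfb(key: bytes, iv: bytes, data: bytes, segment: int = 128,
        decrypt: bool = False) -> bytes:
    """CFB-s per SP 800-38A for byte-aligned s (bits); CFB-1 is not handled."""
    if segment % 8 or not 8 <= segment <= BLOCK * 8:
        raise ValueError("segment must be a multiple of 8 in 8..128 bits")
    if len(iv) != BLOCK:
        raise ValueError("IV must be exactly one block")
    s = segment // 8
    if len(data) % s:
        raise ValueError("data length must be a multiple of the segment size")
    shift = iv                      # input block I_1 = IV
    out = bytearray()
    for i in range(0, len(data), s):
        seg = data[i:i + s]
        keystream = toy_ciph(key, shift)[:s]        # MSB_s(O_j)
        res = bytes(a ^ b for a, b in zip(seg, keystream))
        out += res
        ct_seg = seg if decrypt else res            # feedback is always ciphertext
        shift = shift[s:] + ct_seg                  # I_{j+1} = LSB_{b-s}(I_j) | C_j
    return bytes(out)

# Constructed sample values, for illustration only.
KEY = bytes(range(16))
IV = bytes(range(16, 32))
PT = b"segment size is part of the mode"   # 32 bytes

if __name__ == "__main__":
    for seg in (8, 64, 128):
        ct = cfb(KEY, IV, PT, segment=seg)
        assert cfb(KEY, IV, ct, segment=seg, decrypt=True) == PT
        print(f"CFB-{seg:<3} {ct.hex()}")
```

The outputs diverge after the first segment of the smaller size, so both ends have to agree on the segment size just as they agree on the key and IV.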