Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Security-Basics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: (semi-OT): Correct definition of the DES OFB?

from [Clement Dupuis] Network Security [Permanent Link]
Subject: RE: (semi-OT): Correct definition of the DES OFB?
Date: Sun, 24 Jul 2005 13:16:40 -0400 
Good day,

The best reference for any of the DES Modes of operation is FIPS81 at:
http://www.columbia.edu/~ariel/ssleay/fip81/fip81.html  

You cannot go wrong and it is well explained with illustrations.

If you wish to get more details and targeted responses, you could post your
questions to CISSP specific mailing list such as the CISSPStudy mailing list
at www.cccure.org 

Visit http://cccure.org/mailman/listinfo/cisspstudy_cccure.org to subscribe.

Take care

Clement

Clément Dupuis, CD
President/Security Evangelist/Chief Learning Officer (CLO)
CCCure Enterprise Security & Training Inc.
CISSP, GCFW, GCIA, Security+, CEH, CCSA, MBNS, MBIS, MBHS, CCSE, ACE
Tel: 954 364 8410 (Florida)
Tel: 514 907 1671 (Montreal)
Tel: 418 907 0263 (Quebec)
Fax: 636 773 6328 

Maintainer of :

The CISSP and SSCP Open Study Guides Web Site
http://www.cccure.org     

The Professional Security Testers Warehouse
http://www.professionalsecuritytesters.org    


-----Original Message-----
From: Saqib Ali [mailto:docbook.xml@gmail.com]
Sent: Sunday, July 24, 2005 9:37 AM
To: webappsec@securityfocus.com; security-basics@securityfocus.com!
Subject: (semi-OT): Correct definition of the DES OFB?

Hello All,

I was reading the CISSP Exam Guide by Shon Harris  (2nd Edition). She
gives the following definition for DES in the OFB (Output Feedback)
Mode.

"...if DES is working in Output Feedback (OFB) Mode, it is functioning
like a stream cipher by generating a stream of random binary bits to
be combined with the plaintext  to create ciphertext. The ciphertext
is fed back to the algorithm to form a portion of the next input to
encrypt the next stream of bits." (page 486)

I thin, the last sentence "The ciphertext is fed back to the algorithm
to form a portion of the next input to encrypt the next stream of
bits" is incorrect. That is what happen in the Cipher Feeback (CFB)
Mode, and NOT theOFB mode.

In OFB mode, the "random value" is fed back into the algorithm. i.e.
the "Random Value" from the previous operation becomes the IV for the
next operation.

Am I correct?  Can anyone please validate this? Thanks.

--
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  (semi-OT): Correct definition of the DES OFB?, Saqib Ali
Next by Date:  Re: (semi-OT): Correct definition of the DES OFB?, Saqib Ali
Previous by Thread:  (semi-OT): Correct definition of the DES OFB?, Saqib Ali
Next by Thread:  Re: (semi-OT): Correct definition of the DES OFB?, Saqib Ali
Indexes:  [Date] [Thread] [Top] [All Lists]