Re: Problem CipherMode.CFB in symmetric encryption

From: Markus Stoeger (
Date: 10/15/05

Date: Sat, 15 Oct 2005 19:52:25 +0200

Valery Pryamikov wrote:
> Hi,
> That's not exactly right. Only 1 bit OFB as per old FIPS 81 is totally
> plain text length-indifferent. But both CFB and Full Block Feedback OFB
> (as per ISO 10116) generate keystream that is exact multiple of block
> length. Of course, you can truncate last block of keystream wherever you
> want without affecting decryption, but that doesn't change the fact that
> it is generated by blocksize.
> And using OFB on cipher with short block size (such as 3DES) is really a
> bad idea (unless you are aware what you are doing). OFB acts as random
> mapping that has cycle length of size about sqrt(Pi*BlockSize/8)(ie.
> approx. ~3 GB for DES/3DES).

Hi Valery,

thanks for your reply. What would you recommend me to use instead? I
need to encrypt a stream of bytes "in real time", i.e. I cannot wait
until I have a full block. I always thought that CFB would be the right
choice for that.

Truncating the last block sounds good enough. How would I tell the .NET
framework to do that?

I don't want to use a real stream cipher as there isn't a huge number of
well tested ones. I'd prefer AES/Rijndael.