Re: Modulo instead of XOR in CFB

From: Gregory G Rose (
Date: 08/10/05

Date: 10 Aug 2005 08:24:55 -0700

In article <42f9f6c0$0$8411$>,
Thomas <> wrote:
>In CFB mode usually the plain text is XORed with the encrypted queue
>bit. However, I want encrypt only bytes below 0xFF and the cipher should
>not contain any 0xFF.
>Therefore I thought of replacing the XOR with (mod 255).
>Are there any security concerns I might hav overseen?

Assuming that the generator is good, you'll
introduce a bias by doing this. That's because
the generator will generate 0 and 255 with equal
probability, both of which will encrypt the
plaintext the same way (in fact, by not changing
it). That means that a ciphertext byte is twice
as likely to be the same as the plaintext as it
is to be any other byte. This is a staggeringly
large bias, by crypto standards.


Greg Rose
232B EC8F 44C6 C853 D68F  E107 E6BF CD2F 1081 A37C
Qualcomm Australia:

Relevant Pages

  • Re: Extreme Porn - Hiding your Stash ?
    ... data that we want to encrypt. ... being XORed with the plaintext. ... the breaking of the German Lorenz cypher ... this was because the obscuring characters weren't as random as ...
  • Re: Matrixview SWISH almost two times better compression then GZIP and much faster
    ... like open source, chosen plaintext, lots of computing power. ... the ciphertext was encrypted with ME6 -- or simply encrypt the ME6 ... computing power and lots of crypto experts to help. ... If ME6 can't withstand such an attack, ...
  • Re: Streambuddy
    ... the plaintext for a small portion of the file (the magic number in the ... You get a file and 40-bit secret key to encrypt it. ... if you're actually just XOR'ing the pseudo random stream with the ... much you mix internally the key and how much internal state you have. ...
  • =?windows-1252?Q?Scalable_Key_Cryptography_=96_Randomness_at_Work=2E?=
    ... a working cipher program. ... Suppose that I want to encrypt the character in Balinese that has ... The key and plaintext are again ... from the same range will decrypt its own related ciphertext item. ...
  • Re: ADVERT: Secure communications.
    ... >So if I use RC4 with the following precautions to encrypt a small ... >amount of plaintext, it should be quite secure, right? ... >Assuming I'm encrypting very small amounts of plaintext, ... attack... ...