Found in 1 comment on Hacker News
pbsd · 2014-11-25 · Original thread
Curious; Symantec's report said the RC5 encryption was performed in CFB mode, but this is not the case. Instead, we have a weird combination of CBC and CFB, with CFB being used solely for the last block (instead of padding or ciphertext-stealing). This has the look of seriously legacy code.

This seems to be a very old mode: I have trouble finding references to it with less than 20 years. This mode is in [1, pg. 151] and [2, pg. 77], as far as I can find, both of which were published in 1982. [2] also introduced ciphertext stealing, albeit a bugged version [3, §6].

[1] http://faculty.nps.edu/dedennin/publications/Denning-Cryptog...

[2] http://www.amazon.com/Cryptography-Dimension-Computer-Securi... [sorry, no PDF link]

[3] http://web.cs.ucdavis.edu/~rogaway/papers/steal.pdf

Fresh book recommendations delivered straight to your inbox every Thursday.