On Fri, Jul 05, 2019 at 08:32:03AM +0200, Ard Biesheuvel wrote:
>
> > AFAICS this is using the same key as the actual data.  So why
> > don't you combine it with the actual data when encrypting/decrypting?
> >
> > That is, add a block at the front of the actual data containing
> > the little-endian byte offset and then use an IV of zero.
> >
>
> That would only work for encryption.

True.  So this doesn't obviate the need to access the single-block
cipher.  But the code probably should still do it that way for
encryption for performance reasons.

Cheers,
-- 
Email: Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
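
Added example, not part of the original message or of the kernel code under discussion: a Python sketch of the prepended-block idea, assuming CBC chaining and an IV equal to the single-block encryption of the little-endian byte offset under the data key. The toy Feistel cipher and all function names are hypothetical stand-ins for a real block cipher such as AES.

```python
import hashlib

BLOCK = 16  # cipher block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of a toy Feistel cipher: stand-in for AES, not secure.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def block_encrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def block_decrypt(key, blk):
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key, iv, data):
    out, prev = b"", iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, data):
    prev = [iv] + [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]
    return b"".join(_xor(block_decrypt(key, c), p) for p, c in zip(prev, prev[1:]))

def encrypt_two_step(key, offset, data):
    # Separate single-block call derives the IV, then CBC runs over the data.
    iv = block_encrypt(key, offset.to_bytes(BLOCK, "little"))
    return cbc_encrypt(key, iv, data)

def encrypt_combined(key, offset, data):
    # Offset block in front, zero IV: output block 0 is E_K(offset) and chains
    # into the data exactly as the IV above would; it is dropped from the result.
    return cbc_encrypt(key, bytes(BLOCK), offset.to_bytes(BLOCK, "little") + data)[BLOCK:]

def decrypt(key, offset, ct):
    # CBC decryption needs E_K(offset) up front as the "previous ciphertext
    # block", so the single-block cipher is still called directly here.
    iv = block_encrypt(key, offset.to_bytes(BLOCK, "little"))
    return cbc_decrypt(key, iv, ct)
```

Both encryption paths produce identical ciphertext for the same key, offset and data, while decryption still depends on the direct single-block call.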