On Fri, Dec 04, 2020 at 04:01:53PM +0000, David Howells wrote:
> Bruce Fields <bfields@xxxxxxxxxxxx> wrote:
>
> > > Reading up on CTS, I'm guessing the reason it's like this is that CTS is the
> > > same as the non-CTS, except for the last two blocks, but the non-CTS one is
> > > more efficient.
> >
> > CTS is cipher-text stealing, isn't it? I think it was Kevin Coffman
> > that did that, and I don't remember the history. I thought it was
> > required by some spec or peer implementation (maybe Windows?) but I
> > really don't remember. It may predate git. I'll dig around and see
> > what I can find.
>
> rfc3961 and rfc3962 specify CTS-CBC with AES.

OK, I guess I don't understand the question. I haven't thought about
this code in at least a decade. What's an auxiliary cipher? Is this a
question about why we're implementing something, or how we're
implementing it?

--b.