Bruce Fields <bfields@xxxxxxxxxxxx> wrote: > > Reading up on CTS, I'm guessing the reason it's like this is that CTS is the > > same as the non-CTS, except for the last two blocks, but the non-CTS one is > > more efficient. > > CTS is cipher-text stealing, isn't it? I think it was Kevin Coffman > that did that, and I don't remember the history. I thought it was > required by some spec or peer implementation (maybe Windows?) but I > really don't remember. It may predate git. I'll dig around and see > what I can find. rfc3961 and rfc3962 specify CTS-CBC with AES. David
