
I'm looking for pointers, or perhaps an explanation of the statement I found in Applied Cryptography (section 9.6) where it implies that if the IV is not unique in CFB mode, the cryptanalyst can recover the plaintext. The reason that this interests me is that I have a file, encrypted with DES in CFB mode. I believe I know the first 8 bytes of plaintext and I also know the IV used. While it'd be nice to decrypt this file, I don't know that it'd be worth brute forcing the key, even if the spare cycles to do it were available. Any pointers to any pertinent information would be appreciated. Thanks.

-- 
Kevin L. Prigge          |"A computer lets you make more mistakes faster
UofM Central Computing   | than any invention in human history--with the
email: klp@umn.edu       | possible exceptions of handguns and tequila."
01001001110101100110001  |     - Mitch Ratcliffe
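The following is an added worked example, not part of the original post, illustrating the Applied Cryptography statement being asked about. It implements full-block (64-bit) CFB over an 8-byte block cipher and shows two things: (1) with a single message, a known first plaintext block plus the IV yields only E_K(IV), the keystream for block 1, and nothing about E_K(C_1); (2) when two messages are encrypted under the same key with the same IV, knowing the plaintext of one recovers the other's plaintext through their shared prefix and one block past it, because the keystream block E_K(C_{i-1}) cancels wherever the preceding ciphertext blocks agree. DES is replaced by an HMAC-SHA256-based keyed function truncated to 8 bytes (an assumption for the example; CFB only ever uses the forward cipher direction, so the mode's structure is unchanged). The key, IV and messages are constructed for the demonstration.

```python
import hmac
import hashlib
from typing import Callable

BLOCK = 8  # DES block size in bytes; CFB here feeds back a full 64-bit block


def make_block_cipher(key: bytes) -> Callable[[bytes], bytes]:
    """Stand-in for DES encryption of one 8-byte block (assumption: not DES).
    CFB only ever calls the block cipher in the forward direction, so any
    keyed function with 8-byte output reproduces the mode's structure."""
    def encrypt_block(block: bytes) -> bytes:
        assert len(block) == BLOCK
        return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]
    return encrypt_block


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cfb_encrypt(enc, iv: bytes, plaintext: bytes) -> bytes:
    """Full-block CFB: C_i = P_i XOR E_K(C_{i-1}), with C_0 = IV."""
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        p = plaintext[i:i + BLOCK]
        c = xor(p, enc(prev)[:len(p)])   # final block may be short
        out += c
        prev = c
    return bytes(out)


def cfb_decrypt(enc, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = C_i XOR E_K(C_{i-1}); only the forward cipher direction is needed."""
    out, prev = bytearray(), iv
    for i in range(0, len(ciphertext), BLOCK):
        c = ciphertext[i:i + BLOCK]
        out += xor(c, enc(prev)[:len(c)])
        prev = c
    return bytes(out)


def first_keystream_block(p1: bytes, c1: bytes) -> bytes:
    """What a known first plaintext block buys you for ONE message: P_1 XOR C_1
    is E_K(IV).  That decrypts block 1 of any other message under the same key
    and IV, but says nothing about E_K(C_1), the keystream for block 2."""
    return xor(p1[:BLOCK], c1[:BLOCK])


def recover_under_reused_iv(known_plain: bytes, c_known: bytes, c_target: bytes) -> bytes:
    """Two ciphertexts made with the same key AND the same IV, plus (a prefix
    of) the first message's plaintext.  Keystream block i is E_K(C_{i-1}) for
    both messages, so it cancels whenever the previous ciphertext blocks agree:
        P_target_i = P_known_i XOR C_known_i XOR C_target_i
    Recovery runs through the shared prefix and one block past it, then stops."""
    recovered = bytearray()
    for i in range(0, len(known_plain), BLOCK):
        if i > 0 and c_known[i - BLOCK:i] != c_target[i - BLOCK:i]:
            break   # keystreams diverge from here on
        keystream = xor(known_plain[i:i + BLOCK], c_known[i:i + BLOCK])
        recovered += xor(c_target[i:i + BLOCK], keystream)
    return bytes(recovered)


# Constructed sample data (not from the original post).
KEY = b"constructed-demo-key"
IV = bytes(range(1, 9))
ENC = make_block_cipher(KEY)
MSG_KNOWN = b"Dear Bob,\nThe password is tequila."
MSG_TARGET = b"Dear Bob,\nSee attached report."


def demo() -> dict:
    c_known = cfb_encrypt(ENC, IV, MSG_KNOWN)
    c_target = cfb_encrypt(ENC, IV, MSG_TARGET)   # same key, same IV: the mistake
    return {
        "same_first_block": c_known[:BLOCK] == c_target[:BLOCK],
        "keystream1_is_E_K_IV": first_keystream_block(MSG_KNOWN, c_known) == ENC(IV),
        "recovered": recover_under_reused_iv(MSG_KNOWN, c_known, c_target),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Running demo() shows the two ciphertexts share an identical first block (a leak on its own: equal first blocks under a reused IV reveal equal first plaintext blocks), that the known first block gives back exactly ENC(IV), and that the target's plaintext is recovered through "Dear Bob,\nSee at" before the ciphertexts diverge and the keystreams stop matching. With 8-bit CFB, as also described in that chapter, the same cancellation holds with the shift register in place of the previous block.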