Normally, this is found as the function
algorithm_ofb_encrypt().•
a number of bits (j) <= 64 are enciphered at a time.
•
The OFB mode produces the same ciphertext whenever the same plaintext enciphered using the same key and starting variable. More over, in the OFB mode the same key stream is produced when the same key and start variable are used. Consequently, for security reasons a specific start variable should be used only once for a given key.
•
The absence of chaining makes the OFB more vulnerable to specific attacks.
•
The use of different start variables values prevents the same plaintext enciphering to the same ciphertext, by producing different key streams.
•
Selection of a small value for j will require more cycles through the encipherment algorithm per unit of plaintext and thus cause greater processing overheads.
•
Only multiples of j bits can be enciphered.
•
OFB mode of operation does not extend ciphertext errors in the resultant plaintext output. Every bit error in the ciphertext causes only one bit to be in error in the deciphered plaintext.
•
OFB mode is not self-synchronizing. If the two operation of encipherment and decipherment get out of synchronism, the system needs to be re-initialized.
•
Each re-initialization should use a value of the start variable different from the start variable values used before with the same key. The reason for this is that an identical bit stream would be produced each time from the same parameters. This would be susceptible to a 'known plaintext' attack.