The ECB mode does not require an IV.

The OFB mode does not require an IV.

The CTR mode does not require an IV.

The CBC mode does not require an IV.

Errors in the stream propagate to all subsequent blocks.

It does not require padding.

In does not require the decryption function for a block.

The computation can be parallelized.

TRNGs are typically much slower than PRNGs.

Modern CPUs have a TRNG built-in.

A random keystream is best obtained directly from a TRNG.

Many of the sources for TRNGs are by default biased, i.e., the frequency of 0s and 1s is not equal.

The seed has to be a primitive root in a given finite field.

The length of the output bit stream is always equal to the length of the seed.

The output bit stream of any PRNG will eventually repeat.

When used with a true-random seed, the output bit stream is also truly-random.

The IV is used only for the encryption - it is not needed for decryption.

It does not require padding.

In the encryption, the encrypted block is XORed with prior ciphertext.

In the decryption, the decrypted block is XORed with prior ciphertext.

There are no cryptographic drawbacks to which padding method is chosen - the only requirement is that the padding is reversible.

Adding 0s at the end is a valid way to pad.

If a block mode requires padding, but the plaintext fits exactly into n blocks, we do not need to pad.

All block modes require padding.

24 does not have an additive inverse in mod 60.

10

12

36

DES is a Feistel cipher.

DES encryption and decryption require different algorithms.

All DES rounds are identical.

DES uses a 64-bit long key in 16 rounds.

If we chain two DES encryptions together, the Initial permutation IP and reverse initial permutation, IP^-1, cancel each other out, thereby weakening security.

This is for historic reasons. In fact, encrypting three times would be more secure than encrypting, decrypting, and then encrypting again

Hardware optimization is easier in the case of alternating encryption and decryption, i.e., using EDE instead of EEE.

This allows 3DES to be backwards compatible to 1DES.

0 bit in and 1 bit in

0 bit in and about half the bits in

1 bit in and about half the bits in

about half the bits in and again about half the bits in