> >It's not clear that 3des-cfb >> des-cfb (assuming it's still using
> >cfb).
>
> Why do you say this?  As far as I know, there are no generic attacks
> against CFB, and the weakness of DES is (and always has been) against
> brute-force key search, which 3DES defends against.

I have been trying to remember the quote about CFB and I finally found it;
Ross Anderson says of CFB:

"Cipher feedback is not used much any more. It is a specialized mode of
operation for applications such as military HF radio links, which are
vulnerable to fading, in the days when digital electronics were relatively
expensive. Now that silicon is cheap, people use dedicated link-layer
protocols for synchronization and error correction rather than trying to
combine them with the cryptography."

--
http://www.lightconsulting.com/~travis/  -><-
"We already have enough fast, insecure systems." -- Schneier & Ferguson
GPG fingerprint: 50A1 15C5 A9DE 23B9 ED98 C93E 38E9 204A 94C2 641B