In the Cipher Feedback Mode (CFB) is data encrypted in units smaller than the block size. This mode can be used to encrypt any number of bits e.g. single bits or single characters (bytes) before sending across an insecure data link.
Figure: 8 bit Cipher Feedback Mode
Figure 2.6 shows how single bytes can be encrypted and decrypted using a block cipher in CFB mode. The shift register is initially filled with an initialization vector, and the encryption algorithm is run once to produce 64 output bits. The left-most 8 bits of the output bits are then XOR'ed with the byte to be transmitted. The result of this XOR operation is sent over the network and also fed back to the 64 bit shift register, shifting the left-most 8 bits out. Then, the encryption algorithm is run again and the next character is encrypted in the same manner.
The initialization vector used in CFB mode has the same properties as the initialization vector used in CBC mode. It does not have to kept secret, but should be different for every message transmitted with the same key.
Bit errors in the incoming cipher block (bytes in this context) will cause bit error at the same bit positions in the first plain text block. This cipher block will then be fed to the shift register and cause bit errors in the plain text for as long as the erroneous bits stay in the shift register. Hence, for 8-bit CFB the following 8 bytes will be garbled. After that, the system recovers, and all following bytes is decrypted correctly.
Schneier [4] describes a problem with this kind of error propagation. If Mallet knows the plain-text of a transmission, he can toggle bits in a given block and make that block decrypt to whatever he wants. The next block will be garbled, but the damage may already be done. This is a good argument for using integrity checks of the data stream.