I've been looking at the AES CTR mode implementation in 0.9.7
The counter increment function blindly assumes that the counter value can be
incremented across the whole 128 bits of the counter block.
If you look at (e.g.) RFC3686 or the NIST 800-38A publication, then they
both envisage a counter
The counter increment function blindly assumes that the counter value can be
incremented across the whole 128 bits of the counter block.
Correct, which is why it's called AES_ctr128_*.
If you look at (e.g.) RFC3686 or the NIST 800-38A publication, then they
both envisage a counter block that
???
Dave
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Andy Polyakov
Sent: 08 July 2005 13:23
To: openssl-dev@openssl.org
Subject: Re: AES CTR mode implementation
The counter increment function blindly assumes that the counter value
can be incremented
David C. Partridge writes:
Hmmm OK I do see you point here. I was sure I'd seen a discussion on the
net about this saying that it was dangerous to (e.g.) start the counter at
zero, and that a nonce should be built in, and that this part should remain
constant. But, now that I've gone
.
Paul
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of David C. Partridge
Sent: Friday, July 08, 2005 10:13 AM
To: openssl-dev@openssl.org
Subject: RE: AES CTR mode implementation
800-38A essentially says up to impementator, doesn't