On Wed, 9 Sep 2009, Peter Gutmann wrote:

> I was just going to reply with a variation of this, if you're implementing a
> full protocol that uses AES-CTR (or any algorithm/mode for that matter), find
> other implementations that do it too and make sure that you can talk to them.
> In theory everyone could end up implementing it wrong, but that's somewhat
> unlikely.
>
> (This has already caught AES-CTR implementation bugs in the past, for example
> one particular version of OpenSSL 0.9.8 got AES-CTR keying wrong and it was
> noticed when SSH users couldn't connect to OpenSSH servers using this mode).

That seems unlikely, since we don't use OpenSSL for AES-CTR in OpenSSH. I don't think OpenSSL even supports a CTR mode through its EVP API. Any mistakes in implementing CTR mode in OpenSSH are therefore our own.

-d
