On Tue, Aug 12, 2025 at 5:07 PM Lana Deere <lana.de...@gmail.com> wrote:
> On Tuesday, August 12, 2025 at 8:10:03 AM UTC-4 Jeffrey Walton wrote: > > GCM plaintext maximum length is specified in bits, not bytes. See > SP800-39D, Section 5.2.1.1 Input Data, p. 8, < > https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf>. > That leads to: > > 2^39 - 256 = 549755813632 > 549755813632 / 8 = 68719476704 > > > Is there a standard practice for handling AES encryption of large files? > E.g., create a new IV and resume encryption? Use something other than GCM > which has a higher limit? > The limit you are encountering in GCM mode is due to an internal 32-bit counter. The limit is not directly due to AES. You could use a block cipher and mode of operation with a 64-bit counter, or a stream cipher with a 64-bit counter. Bernstein's original ChaCha20 has an internal 64-bit counter. So Bernstein's ChaCha20 paired with Poly1305 could be a good replacement for you. See < https://www.cryptopp.com/wiki/ChaCha20>. The IETF's version of ChaCha20 used in TLS regresses to a 32-bit counter, so don't use it. Jeff -- You received this message because you are subscribed to the Google Groups "Crypto++ Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to cryptopp-users+unsubscr...@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/cryptopp-users/CAH8yC8%3DaTnOxAvMWbOOFto2RnUtqPecxTW_k-%3DmBNaXLt8Mq1A%40mail.gmail.com.
