It should be possible to replace the counter increment function. The new NIST modes doc doesn't specify a mandatory increment function, but it does recommend one that's different from "add one every time".
Additionally, a lot of stuff built on counter mode is using a few bits of the counter for other purposes, so the effective counter size is less than the actual counter size. It would be nice to be able to add some sort of parameter that specifies the actual counter size, to prevent counter mode from continuing to encrypt when it's run out of counters. Also, why isn't counter mode implemented in a generic fashion? It's so simple, it should be usable with any block cipher without having to write additional code. John ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
