Richard Levitte - VMS Whacker wrote:

OK, I've been following this discussion for a while, and it's time I
take action.  Basically, to provide for all the current and future ways
of handling the IV, I can see three alternatives:

- have the application provide a function that manipulates the IV.
- have the application specify exactly which part of the IV is the
  actual counter (in bit positions, or would byte positions be
  enough?).
- a combination of the two (that would make our code extract the
  counter bits and only give those to the provided function, which
  then does the increment in any way it wishes).

There's no need for an IV for SSL/TLS encryption with AES CTR mode. All that's needed is a counter, and a mechanism to prevent using more than 2^38 or so bytes of keystream without changing the key.

lee_dilkie> (the other thing to remember is that CTR can be used with
lee_dilkie> any block cipher, it's not limited to AES)

Absolutely.

Not quite. You want to be sure to use block ciphers that are differentially strong. AES is particularly well-suited.
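
The following sketch is an added example, not part of the original messages and not OpenSSL code. It illustrates the third alternative discussed above (the library extracts the counter field and hands only that to an increment callback) together with a per-key keystream cap. All names (`ctr_state`, `ctr_next`, `ctr_inc_fn`, `ctr_inc_be`) are hypothetical, the counter position is assumed to be given in bytes, and the 2^38 figure is the one quoted in the thread.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define BLOCK_LEN 16
/* Keystream budget per key; 2^38 bytes is the figure quoted in the thread. */
#define KEYSTREAM_LIMIT ((uint64_t)1 << 38)

/* Hypothetical callback type: advances a counter field in place and
 * returns 1 if the field wrapped around to zero, 0 otherwise. */
typedef int (*ctr_inc_fn)(unsigned char *ctr, size_t len);

/* Default increment: big-endian +1 over the whole field. */
static int ctr_inc_be(unsigned char *ctr, size_t len)
{
    while (len > 0) {
        if (++ctr[--len] != 0)
            return 0;           /* no carry out of this byte: done */
    }
    return 1;                   /* carried out of the top byte: wrapped */
}

struct ctr_state {
    unsigned char block[BLOCK_LEN]; /* fixed part plus counter field */
    size_t ctr_off, ctr_len;        /* byte position of the counter */
    ctr_inc_fn inc;                 /* application-supplied, or NULL */
    uint64_t used;                  /* keystream bytes produced so far */
};

/* Advance to the next counter block. Returns 0 on success, -1 if the
 * layout is invalid, the counter wrapped, or the key's budget is spent;
 * on -1 the block is left unchanged and the caller must rekey. */
static int ctr_next(struct ctr_state *s)
{
    unsigned char field[BLOCK_LEN];

    if (s->ctr_len == 0 || s->ctr_off > BLOCK_LEN ||
        s->ctr_len > BLOCK_LEN - s->ctr_off)
        return -1;
    if (s->used > KEYSTREAM_LIMIT - BLOCK_LEN)
        return -1;
    /* Only the counter bytes are exposed to the callback. */
    memcpy(field, s->block + s->ctr_off, s->ctr_len);
    if ((s->inc ? s->inc : ctr_inc_be)(field, s->ctr_len))
        return -1;              /* a repeated counter would repeat keystream */
    memcpy(s->block + s->ctr_off, field, s->ctr_len);
    s->used += BLOCK_LEN;
    return 0;
}
```

Because the callback works on a copy of the counter field, the fixed part of the block cannot be modified by it, and a wrapped counter is rejected before it is written back.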

