In message <[EMAIL PROTECTED]> on Thu, 26 Jun 2003 13:31:37 -0700, Michael Sierchio 
<[EMAIL PROTECTED]> said:

kudzu> Richard Levitte - VMS Whacker wrote:
kudzu> 
kudzu> > OK, I've been following this discussion for a while, and it's time I
kudzu> > take action.  Basically, to provide for all the current and future ways
kudzu> > of handling the IV, I can see three alternatives:
kudzu> > 
kudzu> > - have the application provide a function that manipulates the IV.
kudzu> > - have the application specify exactly which part of the IV is the
kudzu> >   actual counter (in bit positions, or would byte positions be
kudzu> >   enough?).
kudzu> > - a combination of the two (that would make our code extract the
kudzu> >   counter's bits and only give those to the provided function, which
kudzu> >   then does the increment in any way it wishes).
kudzu> 
kudzu> There's no need for an IV for SSL/TLS encryption with AES CTR mode.
kudzu> All that's needed is a counter, and a mechanism to prevent using
kudzu> more than 2^38 or so bytes of keystream without changing the key.

Whatever, I used the terms like this:

- IV is a bitstring of some sort (possibly random), of the same size
  as the crypto algorithm block.  In the AES case, it would be 128
  bits.
- For CTR mode, the counter is a part of the IV.  The rest of the IV
  is some kind of random bits (a nonce).

Those are the conditions I'm working from.  Makes sense?

kudzu> > lee_dilkie> (the other thing to remember is that CTR can be used with
kudzu> > lee_dilkie> any block cipher, it's not limited to AES)
kudzu> > 
kudzu> > Absolutely.  
kudzu> 
kudzu> Not quite.  You want to be sure to use block ciphers that are
kudzu> differentially strong.  AES is particularly well-suited.

Point.

-- 
Richard Levitte   \ Tunnlandsvägen 3  \ [EMAIL PROTECTED]
[EMAIL PROTECTED]  \ S-168 36  BROMMA  \ T: +46-8-26 52 47
                    \      SWEDEN       \ or +46-708-26 53 44
Procurator Odiosus Ex Infernis                -- [EMAIL PROTECTED]
Member of the OpenSSL development team: http://www.openssl.org/

Unsolicited commercial email is subject to an archival fee of $400.
See <http://www.stacken.kth.se/~levitte/mail/> for more info.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
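
The second alternative discussed above (the application states which byte positions of the 128-bit IV are the counter, the rest being nonce), as an added example that is not part of the original message and not OpenSSL code. The names `ctr_layout`, `ctr_iv_increment` and `ctr_demo` are hypothetical, and a big-endian counter with byte (not bit) granularity is an assumption.

```c
#include <stddef.h>
#include <string.h>

#define CTR_BLOCK 16            /* AES block size in bytes (128-bit IV) */

/* Hypothetical descriptor: which bytes of the IV hold the counter. */
struct ctr_layout {
    size_t off;                 /* index of the first counter byte */
    size_t len;                 /* counter length; all other bytes are nonce */
};

/*
 * Increment the big-endian counter field of iv in place.
 * Returns 0 on success, 1 if the counter wrapped to zero (continuing under
 * the same key would repeat keystream, so the caller must rekey), and -1 if
 * the layout does not fit in the block. Nonce bytes are never modified.
 */
int ctr_iv_increment(unsigned char iv[CTR_BLOCK], const struct ctr_layout *l)
{
    size_t i;

    if (l == NULL || l->len == 0 || l->off > CTR_BLOCK ||
        l->len > CTR_BLOCK - l->off)
        return -1;
    for (i = l->off + l->len; i-- > l->off; )
        if (++iv[i] != 0)
            return 0;           /* no carry out of this byte: done */
    return 1;                   /* carry left the counter field: wrapped */
}

/*
 * Constructed sample: 12 nonce bytes of 0xA5 followed by a 4-byte counter
 * whose low byte is `low` and whose other bytes are `fill`. Increments once,
 * copies the resulting IV to out, and returns the increment status.
 */
int ctr_demo(unsigned char fill, unsigned char low, unsigned char out[CTR_BLOCK])
{
    struct ctr_layout l = { 12, 4 };
    unsigned char iv[CTR_BLOCK];
    int rc;

    memset(iv, 0xA5, 12);
    memset(iv + 12, fill, 3);
    iv[15] = low;
    rc = ctr_iv_increment(iv, &l);
    memcpy(out, iv, CTR_BLOCK);
    return rc;
}
```

The wrap return value is where a caller would enforce the "change the key before the keystream repeats" requirement raised in the thread; the carry never propagates into the nonce bytes.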
