Re: RNG using AES CTR as encryption algorithm

2009-09-14 Thread Damien Miller
On Wed, 9 Sep 2009, Peter Gutmann wrote: I was just going to reply with a variation of this, if you're implementing a full protocol that uses AES-CTR (or any algorithm/mode for that matter), find other implementations that do it too and make sure that you can talk to them. In theory everyone

Re: RNG using AES CTR as encryption algorithm

2009-09-14 Thread Peter Gutmann
Damien Miller d...@mindrot.org writes: That seems unlikely, since we don't use OpenSSL for AES-CTR in OpenSSH. I don't think OpenSSL even supports a CTR mode through its EVP API. I first saw it reported on the Putty bugs list [0], a good place to track interop problems with implementations since

Re: RNG using AES CTR as encryption algorithm

2009-09-14 Thread Damien Miller
On Mon, 14 Sep 2009, Peter Gutmann wrote: Damien Miller d...@mindrot.org writes: That seems unlikely, since we don't use OpenSSL for AES-CTR in OpenSSH. I don't think OpenSSL even supports a CTR mode through its EVP API. I first saw it reported on the Putty bugs list [0], a good place to

Re: how to encrypt and integrity-check with only one key

2009-09-14 Thread Zooko Wilcox-O'Hearn
Following up to my own post: On Monday, 2009-09-14, at 10:22, Zooko Wilcox-O'Hearn wrote: David-Sarah Hopwood suggested the improvement that the integrity-check value V could be computed as an integrity check (i.e. a secure hash) on the K1_enc in addition to the file contents. Oops,