RNG using AES CTR as encryption algorithm

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Sep 9 02:43:38 EDT 2009


David Johnston <dj at deadhat.com> writes:

>Convincing yourself that you have implemented AES-CTR correctly usually
>involves first checking that your AES-ECB is correct, then putting the output
>of your counter construction into some other known good AES-CTR implementation
>and comparing the results with your implementation.

I was just going to reply with a variation of this: if you're implementing a
full protocol that uses AES-CTR (or any algorithm/mode for that matter), find
other implementations that do it too and make sure that you can talk to them.
In theory everyone could end up implementing it wrong, but that's somewhat
unlikely.

(This has already caught AES-CTR implementation bugs in the past, for example
one particular version of OpenSSL 0.9.8 got AES-CTR keying wrong and it was
noticed when SSH users couldn't connect to OpenSSH servers using this mode).

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List