RNG using AES CTR as encryption algorithm

Damien Miller djm at mindrot.org
Sun Sep 13 05:47:27 EDT 2009


On Wed, 9 Sep 2009, Peter Gutmann wrote:

> I was just going to reply with a variation of this, if you're implementing a
> full protocol that uses AES-CTR (or any algorithm/mode for that matter), find
> other implementations that do it too and make sure that you can talk to them.
> In theory everyone could end up implementing it wrong, but that's somewhat
> unlikely.
> 
> (This has already caught AES-CTR implementation bugs in the past, for example
> one particular version of OpenSSL 0.9.8 got AES-CTR keying wrong and it was
> noticed when SSH users couldn't connect to OpenSSH servers using this mode).

That seems unlikely, since we don't use OpenSSL for AES-CTR in OpenSSH.
I don't think OpenSSL even supports a CTR mode through its EVP API.

Any mistakes in implementing CTR mode in OpenSSH are therefore our own.

-d

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
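The cross-implementation check Peter recommends, as an added example in Go that is not part of this thread or of OpenSSH's own code: a hand-written CTR mode (big-endian counter increment, the RFC 4344 rule SSH uses) is run against Go's crypto/cipher CTR and against the NIST SP 800-38A known-answer vector, whose counter happens to cross a byte boundary. Function names and the use of the Go standard library are my own assumptions.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
)

// ctrEncrypt is a hand-written AES-CTR: out = in XOR E_K(counter), with the 128-bit counter
// incremented as a big-endian integer after each block (RFC 4344). It is the code under test.
func ctrEncrypt(block cipher.Block, iv, in []byte) []byte {
	ctr := append([]byte(nil), iv...) // private copy; never mutate the caller's IV
	out := make([]byte, len(in))
	var ks [aes.BlockSize]byte
	for off := 0; off < len(in); off += aes.BlockSize {
		block.Encrypt(ks[:], ctr)
		for i := off; i < len(in) && i < off+aes.BlockSize; i++ {
			out[i] = in[i] ^ ks[i-off] // a short final block is fine in CTR
		}
		for i := len(ctr) - 1; i >= 0; i-- { // increment, carrying across all 16 bytes
			if ctr[i]++; ctr[i] != 0 {
				break
			}
		}
	}
	return out
}

// Known-answer data from NIST SP 800-38A, F.5.1; the counter runs ...feff, ...ff00, ...ff01, ...ff02.
const (
	nistKey = "2b7e151628aed2a6abf7158809cf4f3c"
	nistIV  = "f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff"
	nistPT  = "6bc1bee22e409f96e93d7e117393172aae2d8a571e03ac9c9eb76fac45af8e51" +
		"30c81c46a35ce411e5fbc1191a0a52eff69f2445df4f9b17ad2b417be66c3710"
	nistCT = "874d6191b620e3261bef6864990db6ce9806f66b7970fdff8617187bb9fffdff" +
		"5ae4df3edbd5d35e5b4f09020db03eab1e031dda2fbe03d1792170a0f3009cee"
)

func mustHex(s string) []byte { b, err := hex.DecodeString(s); if err != nil { panic(err) }; return b }

// crossCheck runs the same input through ctrEncrypt and through Go's crypto/cipher CTR and
// compares both with the published ciphertext ("talk to another implementation"). True only if all agree.
func crossCheck() (bool, error) {
	key, iv, pt, want := mustHex(nistKey), mustHex(nistIV), mustHex(nistPT), mustHex(nistCT)
	block, err := aes.NewCipher(key)
	if err != nil {
		return false, err
	}
	ref := make([]byte, len(pt))
	cipher.NewCTR(block, iv).XORKeyStream(ref, pt)
	return bytes.Equal(ctrEncrypt(block, iv, pt), want) && bytes.Equal(ref, want), nil
}
```

A keying or counter-endianness bug in ctrEncrypt shows up as a mismatch against both references, which is exactly the failure the thread describes surfacing as "can't connect".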
