RNG using AES CTR as encryption algorithm

Peter Gutmann pgut001 at cs.auckland.ac.nz
Mon Sep 14 01:34:03 EDT 2009

Damien Miller <djm at mindrot.org> writes:

>The seems unlikely, since we don't use OpenSSL for AES-CTR in OpenSSH. I
>don't think OpenSSL even supports a CTR mode through its EVP API.

I first saw it reported on the Putty bugs list [0], a good place to track
interop problems with implementations since it's so widely used, which in turn
points to https://bugzilla.mindrot.org/show_bug.cgi?id=1291:

  Connections from "OpenSSH_4.5p1, OpenSSL 0.9.8d 28 Sep 2006" to
  "OpenSSH_4.5p1, OpenSSL 0.9.8e 23 Feb 2007" using "aes256-ctr" fail with
  "Bad packet length".  The same problem occurs when using PuTTY 0.59 against
  the newer server.

  PuTTY users have reported this problem too, with servers on both FreeBSD and
  Linux, and with OpenSSH versions back to 4.0.

In fact it was listed as closed and resolved by, uh, one Damien Miller :-).


[0] Meaing "bugs encountered while using Putty", not necessarily "bugs in

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list