IETF-SSH archive


Re: Core draft last call update.



> What about the proposed language I sent earlier? It already specifies
> everything needed for CTR mode.

It needs to be turned into a stand-alone internet-draft.

> For any cipher in CTR mode, the counter used to encrypt each plaintext
> block MUST be the IV if no previous plaintext block exists, or C+1 mod 2^N
> where C is the counter used to encrypt the previous block, and N is the
> block size of the cipher in bits.  Network order SHOULD be used to convert
> the counter between its octet string form and its integer form for the
> computation of C+1 mod 2^N. 

so:

The size of the IV is left unspecified.

The text "the counter used to encrypt each plaintext block" is
unspecified, and could mean any of:

	C[n] = ECB-Encrypt(ctr++, P[n]);
	C[n] = P[n] ^ ECB-Encrypt(K, ctr++);
	C[n] = P[n] ^ ctr++;

Also left underspecified is the block size of the mode (i.e., in terms
of how the transport layer pads out messages to the block size);
fundamentally there's no reason why this has to be the same as the
underlying cipher block size, but if they're different, you need to
specify whether or not partial blocks get carried over from message to
message.

				- Bill
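The quoted counter rule, worked through under the second of the three readings Bill lists (C[n] = P[n] ^ ECB-Encrypt(K, ctr++)), as an added example that is not part of the list thread: the C+1 mod 2^N step on a network-order octet string with wraparound, and a keystream object that makes the partial-block carry-over choice explicit. Assumptions: N = 128 bits, and a stand-in keyed function (truncated HMAC-SHA256) in place of a real block cipher.

```python
import hashlib
import hmac

BLOCK_BITS = 128            # N: assumed cipher block size in bits
BLOCK_BYTES = BLOCK_BITS // 8


def increment_counter(ctr: bytes) -> bytes:
    """C+1 mod 2^N, with the counter kept as a big-endian (network order) octet string."""
    assert len(ctr) == BLOCK_BYTES
    value = (int.from_bytes(ctr, "big") + 1) % (1 << BLOCK_BITS)
    return value.to_bytes(BLOCK_BYTES, "big")


def stand_in_block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in for ECB-Encrypt(K, block), constructed for this example only:
    # HMAC-SHA256 truncated to one block. Not a block cipher, just a keyed PRF.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK_BYTES]


class CtrStream:
    """Keystream S = E(K, ctr); ctr becomes ctr+1 mod 2^N after each block.

    carry_partial=True keeps leftover keystream bytes of a partial block for the
    next message; False discards them so every message starts on a counter block.
    """

    def __init__(self, key: bytes, iv: bytes, carry_partial: bool) -> None:
        self.key, self.ctr, self.carry, self.buf = key, iv, carry_partial, b""

    def process(self, data: bytes) -> bytes:
        """Encrypt or decrypt one message (XOR is its own inverse)."""
        if not self.carry:
            self.buf = b""
        out = bytearray()
        for byte in data:
            if not self.buf:
                self.buf = stand_in_block_encrypt(self.key, self.ctr)
                self.ctr = increment_counter(self.ctr)
            out.append(byte ^ self.buf[0])
            self.buf = self.buf[1:]
        return bytes(out)
```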