CTR mode broken in libgcrypt 1.2.1
alangley at gmail.com
Fri Jun 17 20:53:06 CEST 2005
On 6/17/05, Werner Koch <wk at gnupg.org> wrote:
> Thanks for reporting and for the patch. However, to apply this patch
> we need to get a copyright assignment for the FSF from you. That is a
> bit of a lengthy process so maybe we better fix it ourselves. If
> you are willing to sign such an assignment (or a disclaimer) anyway
> and save us some work, please contact me by private mail.
The patch is tiny, so if the copyright assignment is a pain it might
well be easier to close your eyes and type it in again.
I should point out that since submitting the patch it has been noted
that the NIST is contradictory on the subject of counter mode. There
are documents which suggest that the current libgcrypt implementation
is correct and some that favour my patch.
My recommendation would be to either
1) drop the patch and make a big note in the documentation that the
implemented cipher mode is not suitable for use as a stream cipher.
2) implement stream counter mode (e.g. my patch) as a separate mode.
Sorry about the confusion.
Adam Langley agl at imperialviolet.org
http://www.imperialviolet.org (+44) (0)7906 332512
PGP: 9113 256A CC0F 71A6 4C84 5087 CDA5 52DF 2CB6 3D60
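The distinction the mail draws between a block-oriented counter mode and a "stream counter mode", as an added example that is neither libgcrypt code nor Adam Langley's patch: the first refuses anything that is not a whole number of blocks, the second carries the unused tail of the last keystream block across calls so that chunked and one-shot encryption agree. The keyed-SHA-256 block function is an assumed stand-in so the snippet runs without a crypto library; it is not a real block cipher.

```python
import hashlib

BLOCK = 16  # 128-bit blocks, as for AES


def prf_block(key: bytes, counter: int) -> bytes:
    # Stand-in for a block cipher (assumption: keyed SHA-256 truncated to one
    # block, chosen only so the example runs offline; not a secure cipher).
    return hashlib.sha256(key + counter.to_bytes(BLOCK, "big")).digest()[:BLOCK]


def ctr_block_aligned(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Block-oriented CTR: each call must contain whole blocks only."""
    if len(data) % BLOCK:
        raise ValueError("block-aligned CTR cannot process a partial block")
    counter = int.from_bytes(iv, "big")
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = prf_block(key, (counter + i // BLOCK) % (1 << (8 * BLOCK)))
        out += bytes(a ^ b for a, b in zip(data[i:i + BLOCK], ks))
    return bytes(out)


class StreamCtr:
    """Stream counter mode: leftover keystream bytes survive between calls,
    so arbitrary chunk boundaries do not change the output."""

    def __init__(self, key: bytes, iv: bytes):
        self.key = key
        self.counter = int.from_bytes(iv, "big")
        self.leftover = b""  # unused tail of the current keystream block

    def update(self, data: bytes) -> bytes:
        out = bytearray()
        for b in data:
            if not self.leftover:  # fetch the next keystream block on demand
                self.leftover = prf_block(self.key, self.counter)
                self.counter = (self.counter + 1) % (1 << (8 * BLOCK))
            out.append(b ^ self.leftover[0])
            self.leftover = self.leftover[1:]
        return bytes(out)


def chunked_matches_one_shot(key: bytes, iv: bytes, data: bytes, sizes) -> bool:
    """True if feeding `data` in pieces of the given sizes (plus the remainder)
    yields the same ciphertext as encrypting it in a single call."""
    one_shot = StreamCtr(key, iv).update(data)
    stream, parts, pos = StreamCtr(key, iv), [], 0
    for n in list(sizes) + [len(data)]:
        parts.append(stream.update(data[pos:pos + n]))
        pos += n
    return b"".join(parts) == one_shot


def rejects_partial(key: bytes, iv: bytes, data: bytes) -> bool:
    """True if the block-aligned mode refuses `data` (not a multiple of BLOCK)."""
    try:
        ctr_block_aligned(key, iv, data)
    except ValueError:
        return True
    return False
```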