CTR mode broken in libgcrypt 1.2.1

Adam Langley alangley at gmail.com
Fri Jun 17 20:53:06 CEST 2005

On 6/17/05, Werner Koch <wk at gnupg.org> wrote:
> Thanks for reporting and for the patch.  However, to apply this patch
> we need to get a copyright assignment for the FSF from you. That is a
> bit of a lengthy process so maybe we better fix it ourselves.  If
> you are willing to sign such an assignment (or a disclaimer) anyway
> and save us some work, please contact me by private mail.

The patch is tiny, so if the copyright assignment is a pain it might
well be easier to close your eyes and type it in again.

I should point out that since submitting the patch it has been noted
that the NIST is contradictory on the subject of counter mode. There
are documents which suggest that the current libgcrypt implementation
is correct and some that favour my patch.

My recommendation would be to either
  1) drop the patch and make a big note in the documentation that the
     implemented cipher mode is not suitable for use as a stream cipher.
  2) implement stream counter mode (e.g. my patch) as a separate mode.

Sorry about the confusion.


Adam Langley                                      agl at imperialviolet.org
http://www.imperialviolet.org                       (+44) (0)7906 332512
PGP: 9113   256A   CC0F   71A6   4C84   5087   CDA5   52DF   2CB6   3D60

