CTR mode broken in libgcrypt 1.2.1
Werner Koch
wk at gnupg.org
Fri Jun 17 22:03:10 CEST 2005
On Fri, 17 Jun 2005 19:53:06 +0100, Adam Langley said:
> I should point out that since submitting the patch it has been noted
> that the NIST is contradictory on the subject of counter mode. There
> are documents which suggest that the current libgcrypt implementation
> is correct and some that favour my patch.
Hmmm, I have no current use for CTR so I don't have a real opinion.
Simon implemented it and thus he should decide.
> 2) implement stream counter mode (e.g. my patch) as a separate mode.
To keep backwards compatibility that is a better solution.
Thanks,
Werner
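The two behaviours the thread distinguishes, CTR that treats every call as starting at a block boundary versus a "stream" counter mode that carries unused keystream bytes across calls, can be made concrete with a small implementation. The code below is an added example for this archive page; it is not libgcrypt code and does not reproduce Adam Langley's patch, whose exact contents the message does not show. It assumes that reading of "stream counter mode", stands in a keyed SHA-256 PRF for the block cipher (the mode's behaviour does not depend on which block function is used, and this keeps the example free of external libraries), and uses the big-endian counter increment of NIST SP 800-38A Appendix B.1. The constructed message and counter are chosen so that the message spans a partial block and the counter wraps.

```python
"""CTR mode: block-aligned calls vs. a stream-style counter mode (added example)."""
import hashlib

BLOCK = 16  # block size in bytes, as for AES


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for E_k(block): a keyed PRF truncated to one block.

    Assumption: any fixed-width keyed PRF demonstrates the mode equally well;
    a real implementation would call AES (or another block cipher) here.
    """
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def increment_counter(ctr: bytes) -> bytes:
    """Increment the whole counter block as a big-endian integer mod 2**128
    (the standard incrementing function of SP 800-38A, Appendix B.1, m = 128)."""
    n = (int.from_bytes(ctr, "big") + 1) % (1 << (8 * BLOCK))
    return n.to_bytes(BLOCK, "big")


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class CTR:
    """CTR encryptor/decryptor (the two directions are identical).

    stream=False: each call starts at a fresh counter block; a partial final
                  block still consumes one counter value, and its unused
                  keystream bytes are thrown away.
    stream=True:  unused keystream bytes are kept and consumed by the next call,
                  so how a message is split across calls never changes the output.
    """

    def __init__(self, key: bytes, counter: bytes, stream: bool):
        self.key = key
        self.ctr = counter
        self.stream = stream
        self.leftover = b""  # keystream bytes not yet used (stream mode only)

    def crypt(self, data: bytes) -> bytes:
        out = bytearray()
        if self.stream and self.leftover:
            take = min(len(data), len(self.leftover))
            out += _xor(data[:take], self.leftover[:take])
            self.leftover = self.leftover[take:]
            data = data[take:]
        for i in range(0, len(data), BLOCK):
            keystream = block_encrypt(self.key, self.ctr)
            self.ctr = increment_counter(self.ctr)
            chunk = data[i:i + BLOCK]
            out += _xor(chunk, keystream)
            if self.stream:
                self.leftover = keystream[len(chunk):]
        return bytes(out)


def crypt_whole(key: bytes, iv: bytes, data: bytes, stream: bool) -> bytes:
    """Process the data in a single call."""
    return CTR(key, iv, stream).crypt(data)


def crypt_split(key: bytes, iv: bytes, data: bytes, split: int, stream: bool) -> bytes:
    """Process the same data in two calls, cut at byte offset `split`."""
    c = CTR(key, iv, stream)
    return c.crypt(data[:split]) + c.crypt(data[split:])


# Constructed inputs: the counter starts at 2**128 - 1 so the first increment
# wraps to zero, and the 30-byte message ends in a partial block.
KEY = b"\x01" * 16
IV = (2 ** 128 - 1).to_bytes(BLOCK, "big")
MSG = b"counter mode, split mid-block!"  # 30 bytes
SPLIT = 20  # inside the second (partial) block


def interoperability_report() -> dict:
    """Compare one-shot vs. split processing under both interpretations."""
    whole_s = crypt_whole(KEY, IV, MSG, stream=True)
    split_s = crypt_split(KEY, IV, MSG, SPLIT, stream=True)
    whole_b = crypt_whole(KEY, IV, MSG, stream=False)
    split_b = crypt_split(KEY, IV, MSG, SPLIT, stream=False)
    return {
        "stream_split_matches_whole": whole_s == split_s,
        "block_split_matches_whole": whole_b == split_b,
        # Block-aligned ciphertext produced with a split only decrypts
        # correctly when the decryptor splits at the same offset.
        "block_split_roundtrip_same_split": crypt_split(KEY, IV, split_b, SPLIT, False) == MSG,
        "block_split_roundtrip_whole": crypt_whole(KEY, IV, split_b, False) == MSG,
    }


if __name__ == "__main__":
    for name, ok in interoperability_report().items():
        print(f"{name}: {ok}")
```

The point for a library API such as libgcrypt's is interoperability: under the block-aligned reading, the ciphertext of a message depends on how the caller chunked it across `gcry_cipher_encrypt` calls, while under the stream reading it does not. That is why the reply favours adding the stream behaviour as a separate mode rather than silently changing the existing one.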