Questions tagged [ctr-mode]

CTR is a mode of operation for block ciphers where a nonce and (block-)counter are encrypted together by the block cipher and the result is XORed with the plaintext. This effectively transforms a block cipher into a stream cipher. Questions having this tag should be about the proper use and intricacies associated with the CTR mode.

CTR is a mode of operation for block ciphers where a nonce and (block-)counter are encrypted together by the block cipher and the result is XORed with the plaintext. This effectively transforms a block cipher into a stream cipher where exactly the same algorithm is used for encryption and decryption.

enter image description here

AES for example has a block size of 128-bit. Although the NIST recommendation sp800-38a Appendix B doesn't specify how it is split into nonce and counter, the nonce is usually a 96-bit integer and the counter a 32-bit integer.

When a nonce+counter is reused for the same key, this gives an attacker a non-negligible advantage at recovering the plaintext. That is why only 64 GByte (=block size * counter size) of data can be securely encrypted in case of AES.

References:
Why must IV/key-pairs not be reused in CTR mode?
CTR-mode on Wikipedia
NIST recommendation sp800-38a Appendix B

21 questions

votes

6 answers

How to pick an appropriate IV (Initialization Vector) for AES/CTR/NoPadding?

I would like to encrypt the cookies that are written by a webapp and I would like to keep the size of the cookies to minimum, hence the reason I picked AES/CTR/NoPadding. What would you recommend to use as IV that's random enough and still keep the…

encryption aes ctr-mode

asked Jan 05 '11 at 19:46

Drew

1,332
3
15
21

votes

1 answer

Which provider is responsible for AES/CTR/NoPadding?

Information about my implementation The code snippet below highlights my current implementation of a crypto object, using both the AES cipher and CTR mode of operation. import javax.crypto.Cipher; public abstract class Crypto { private static…

java cryptography aes jce ctr-mode

asked Mar 13 '17 at 13:01

Ricardo Miranda

votes

1 answer

How does libgcrypt increment the counter for CTR mode?

I have a file encrypted with AES-256 using libgcrypt's CTR mode implementation. I want to be able to decrypt the file in parts (e.g. decrypting blocks 5-10 out of 20 blocks without decrypting the whole file). I know that by using CTR mode, I should…

cryptography block-cipher libgcrypt ctr-mode

asked Dec 27 '18 at 14:34

E1adi

votes

1 answer

Using the nonce and counter correctly for AES-CTR mode

I understand that in AES Counter mode I need to use a 128 bit nonce. The naïve way to do that would be to use a random 128 bit nonce, but I'm not sure the algorithm will be able to increment the counter correctly if it's passed as all random bits. I…

javascript encryption aes cryptojs ctr-mode

asked Apr 02 '15 at 23:17

seatosum

votes

2 answers

Interoperability of AES CTR mode?

I use AES128 crypto in CTR mode for encryption, implemented for different clients (Android/Java and iOS/ObjC). The 16 byte IV used when encrypting a packet is formated like this: <11 byte nonce> | <4 byte packet counter> | 0 The packet counter…

cryptography aes commoncrypto ctr-mode

asked Sep 21 '12 at 11:28

Markus R

votes

1 answer

How to set block size in PyCrypto AES CTR Mode

I am trying to get AES encryption to work through the PyCrypto library in Python. I read in the password from the user and salt from a file. I then call PBKDF2 to generate a key from the textual password PBKDF2(self.master_password, salt, 32) I…

python encryption aes pycrypto ctr-mode

asked Apr 12 '17 at 15:15

Mitziu Echeverria

votes

1 answer

Java AES Counter Mode Incrementing

I've written a an encryption/decryption prototype with Java using sample code in this answer. However, I'm trying to play with AES' counter mode (CTR) and the encrypted values appear to be just as incrementable as the integer sequence that I'm…

java encryption cryptography aes ctr-mode

asked Apr 20 '17 at 19:22

entpnerd

10,049
8
47
68

votes

1 answer

How to handle the IV/Nonce/Counter for AES CTR?

import javax.crypto.Cipher; public abstract class Crypto { private static final String CIPHER_ALGORITHM = "AES/CTR/NoPadding"; private String AesKeyString = "ByWelFHCgFqivFZrWs89LQ=="; private void setKey() throws…

java encryption aes nonce ctr-mode

asked Mar 16 '17 at 14:25

Ricardo Miranda

votes

1 answer

AES-CTR double encryption reverses the ciphertext to plaintext

When I try to encrypt the ciphertext again with the same key, it produces the original plaintext. Algoritm used is AES with COUNTER MODE. Key and IV remains the same. Is this the way the algorithm is supposed to behave? And if, what is the use of…

java encryption aes javax.crypto ctr-mode

asked Jun 25 '15 at 11:55

Sudershan

vote

1 answer

Writing AES-CTR decryption routine in python

I have the following code func encrypt(key, data string) (string, error) { byteKey := []byte(key) plaintext := []byte(data) block, err := aes.NewCipher(byteKey) if err != nil { return "", err } ciphertext :=…

python cryptography aes ctr-mode

asked Nov 12 '18 at 20:14

Wanda Newman Wile

vote

2 answers

Using CTR mode in DES algorithm (in python)

I want to use CTR mode in DES algorithm in python by using PyCryptodome package. My code presented at the end of this post. However I got this error: "TypeError: Impossible to create a safe nonce for short block sizes". It is worth to mention that,…

encryption des block-cipher pycryptodome ctr-mode

asked Oct 12 '18 at 21:21

AI_Eng

vote

1 answer

How can I make CCCrypt compute AES in another mode?

The signature of one-shot crypto method CCCrypt is this (from CommonCryptor.h): CCCryptorStatus CCCrypt( CCOperation op, /* kCCEncrypt, etc. */ CCAlgorithm alg, /* kCCAlgorithmAES128, etc. */ CCOptions options, /*…

objective-c cryptography aes commoncrypto ctr-mode

asked Jul 12 '17 at 14:41

Raphael

9,779
5
63
94

vote

1 answer

pycryptodome: OverflowError: The counter has wrapped around in CTR mode

I am having difficulty with AES-CTR encryption using pycryptodome on Python 3. Data can be ~1000 bytes but when it gets long enough it breaks. I do not understand what this error supposedly means or how to get around it. from os import urandom from…

python-3.x encryption counter ctr-mode pycryptodome

asked Apr 18 '17 at 01:23

ArekBulski

4,520
4
39
61

vote

1 answer

Decrypt random chunk of an encrypted AES-CTR file in PHP's mcrypt

I have a 1MB test file and I want to decrypt it starting from its 500KB, not from the beginning. It doesn't need to start exactly from 500KB of the file, it can start at the beginning of any chunk as long as it's not the first, I just want to learn…

php encryption mcrypt chunks ctr-mode

asked Mar 14 '16 at 02:36

Eduardo C. Martins

votes

0 answers

Python AES CTR Mode using same Key/IV

I found a hash of an encrypted PIN code (in this case 9999) which I know to be encrypted using AES CTR. Problem is, I can't figure how to write this in python. I know the key and the IV are the same however I understand CTR mode does not require an…

python encryption aes ctr-mode

asked May 12 '21 at 08:42

Decrypt3d

2 Next