Questions tagged [ctr]

Counter Mode (CTR) is an encryption mode that builds a random-access stream cipher from a block cipher.

Counter Mode (CTR), also known as Segmented Integer Counter (SIC) or Integer Counter Mode (ICM), makes a block-cipher into a random-access stream cipher by generating a keystream using the block-cipher that is XORed with the plaintext to produce the ciphertext. CTR mode generates keystream blocks by encrypting successive values of a non-repeating counter with the block-cipher.

See the Wikipedia page for more information.

250 questions
46
votes
2 answers

AES CBC mode or AES CTR mode recommended?

What are the benefits and disadvantages of CBC vs. CTR mode? Which one is more secure?
mary
24
votes
1 answer

(Why) should I avoid using a randomized IV for CTR mode?

I'm currently reading the chapter of Cryptographic Engineering (Ferguson, Schneier, Kohno 2010) about block cipher modes of operation. They have recommended CBC with random IV instead of CTR due to the difficulty of generating nonces for CTR: In…
Jeremy
23
votes
2 answers

Why do we use XTS over CTR for disk encryption?

I'm taking Prof. Boneh's crypto class from Coursera, and am unsure on the requirement for XTS mode for disk encryption. It seems that CTR mode would do exactly what XTS can do, but is simpler to implement? In either mode, I will use the disk sector…
shrek
20
votes
1 answer

Why must IV/key-pairs not be reused in CTR mode?

Many sources mention that IVs must not be reused with the same key in CTR mode, for encrypting 2 different pieces of data, because that totally destroys security - but I haven't found an explanation so far as to why this is the case. The issue is…
Dexter
18
votes
4 answers

Is SHA-256 secure as a CTR block cipher?

Generate a 256-bit random nonce. XOR it with a 256-bit reusable symmetric key. This is x. We represent numbers in simple binary instead of a counting function. 0 in dec = [256 zeros] in binary, 1 = [255 zeros]1, 23092348 = [241…
Jordan
17
votes
1 answer

What is wrong with AES-CTR-HMAC-SHA256 - or why is it not in TLS?

It seems the only specified CTR mode ciphers in TLS are all GCM based. GCM ciphers run AES-CTR and do authenticated encryption with a MAC based on Galois-field arithmetic ("GHASH") - and the latter seems to be difficult to get right in software…
oberstet
14
votes
2 answers

What are the risks of using CTR mode with 64 bit blocks?

On DJB's blog he writes: I was one of about 40 people sitting in a meeting where the speaker, NSA's Louis Wingers (one of the Simon and Speck authors), falsely claimed that counter mode is safe for 64-bit blocks, since counter mode doesn't have…
Future Security
14
votes
1 answer

Reusing keys with AES-CBC

I heard that key/IV pairs must not be reused in AES-CTR, or when using any stream cipher for that matter. Yet the attacks described do not seem to apply to AES-CBC. Is reusing the same key several times dangerous in AES-CBC mode? Does the use of a…
user2398029
12
votes
4 answers

Disadvantages of AES-CTR?

On paper, it sounds *very* good to me: secure fast (in my tests it's somewhat slower than ECB (but without most of the weaknesses, more on that below) but faster than every other alternative I tested, which were ECB, CTR, CBC, OFB, CFB written in…
hanshenrik
12
votes
1 answer

Deterministic nonces in CTR mode

I want to encrypt a file with AES in CTR mode. I have a 256 bit master key and the file. Given these, the encryption must be deterministic, so I can't use a random nonce in the usual way. Fortunately the master key will be unique¹. My original plan…
CodesInChaos
11
votes
3 answers

AES CTR with similar IVs and same key

Let's say there is a piece of software that uses AES CTR to encrypt different messages using the same key but with slightly different IVs. So for example, a 16 byte IV, the 2nd 8 bytes are always the same, but the 1st 8 bytes are random. How…
bwbrowning
10
votes
1 answer

Why doesn't CTR mode require blocking?

I've been reading a bit about block cipher modes and I have a relatively straightforward question regarding CTR. In essence, I was hoping you guys would be kind enough to validate my understanding of things. As I understand it, CTR does the…
Louis Thibault
9
votes
2 answers

What does a stream cipher provide that cannot be obtained with AES CTR mode operation?

I can precompute the key stream for the CTR mode operation and the encryption at that point is similar to a stream cipher. So why are there stream ciphers still used and proposed after RC4? Recently the ChaCha20 as part of the ChaCha20-Poly1305 AE…
user220201
8
votes
1 answer

Relationship between AES GCM and AES CTR

I have read that AES GCM uses AES CTR for encryption and GMAC for authentication. If that is correct, what is the relationship between the IV used for AES GCM and the IV used for AES CTR? To put the question another way, can I encrypt using GCM and…
Tricky Dixon
8
votes
5 answers

AES decryption vs encryption speed

Let's consider the CTR mode. For a faster encryption/decryption, is it preferable to use the decryption operation of AES, or its encryption?
Dingo13