
Given the problems Tarsnap had with CTR mode

FWIW, the Tarsnap bug wasn't a cryptographic mistake, it was a refactoring mistake -- I knew what the code should be doing, and the code was doing exactly what the code should be doing, right up to the point when I decided to tidy it up.

The lesson to be learned from that isn't "crypto is hard" or "CTR is dangerous", but rather "pay attention when you rewrite existing code".

ok; in my case i was confused by the way pycrypto handles ivs for ctr mode (it ignores the iv and expects an explicit offset or prefix to the counter). so initially i had the same encryption every time.

but anyway, ignoring that red herring, if you have the time, confirmation that it seems to do what you described would be appreciated...

[edit: fwiw, other concerns i have include: is there any reason why hmac shouldn't use the same key as the main cipher; is it better to use a random counter offset or a smaller counter and a prefix / nonce?]
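Added example, not part of the thread and not any commenter's code: the failure mode described in the comment above, where the counter starts at the same value for every message so identical plaintexts encrypt identically, next to the variant with a fresh random prefix on the counter. To run with the standard library only, it assumes HMAC-SHA256 as the keyed block function in place of AES; the 8-byte prefix plus 8-byte counter layout and all function names are illustrative.

```python
import hashlib
import hmac
import os

BLOCK = 32       # keystream bytes per counter value (SHA-256 output size)
PREFIX_LEN = 8   # assumed layout: 8-byte prefix || 8-byte big-endian counter

def keystream_block(key, prefix, counter):
    # Stand-in for AES_k(prefix || counter): a keyed PRF over the counter block.
    return hmac.new(key, prefix + counter.to_bytes(8, "big"), hashlib.sha256).digest()

def ctr_xor(key, prefix, data):
    # CTR mode: XOR the data with PRF(prefix || 0), PRF(prefix || 1), ...
    out = bytearray()
    for i in range(0, len(data), BLOCK):
        ks = keystream_block(key, prefix, i // BLOCK)
        out.extend(b ^ k for b, k in zip(data[i:i + BLOCK], ks))
    return bytes(out)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_fixed_counter(key, plaintext):
    # Failure mode: every message starts from the same counter block,
    # so every message is XORed with the same keystream.
    return ctr_xor(key, b"\x00" * PREFIX_LEN, plaintext)

def encrypt_with_prefix(key, plaintext):
    # Fresh random prefix per message, sent in the clear ahead of the ciphertext.
    prefix = os.urandom(PREFIX_LEN)
    return prefix + ctr_xor(key, prefix, plaintext)

def decrypt_with_prefix(key, blob):
    return ctr_xor(key, blob[:PREFIX_LEN], blob[PREFIX_LEN:])

def demo():
    key = b"\x11" * 32                      # constructed sample key
    p1 = b"backup chunk 0001: hello"        # constructed sample plaintexts
    p2 = b"backup chunk 0002: world"
    c1, c2 = encrypt_fixed_counter(key, p1), encrypt_fixed_counter(key, p2)
    return {
        "fixed_repeats": encrypt_fixed_counter(key, p1) == c1,
        "fixed_leaks_xor": xor(c1, c2) == xor(p1, p2),   # keystream cancels out
        "prefix_repeats": encrypt_with_prefix(key, p1) == encrypt_with_prefix(key, p1),
        "prefix_roundtrip": decrypt_with_prefix(key, encrypt_with_prefix(key, p1)) == p1,
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```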
