edit: on the wraparound counters, i can replace it with a nonce (prefix) and smaller counter (and no wraparound). i thought they were equivalent, but people do seem to prefer a prefix (my reasoning was that if you combine nonce and counter with addition rather than concatenation then you need wraparound since you may start at the end of the counter).
edit2: so what's a reliable way of providing salt? i can't think of one that's context-independent except for simply generating some random junk and appending it to the message. is that ok? (i guess so)
ps, also, while here, i will drop this link which so far has no replies http://codereview.stackexchange.com/questions/19910/simple-c...
Just pick a secure random number of 128 bits for the salt.
And read the NIST docs on CTR mode. Merry Xmas.