MODE_CTR and Crypto.Util.Counter should be documented
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Python-Crypto |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
CTR mode is probably the best unauthenticated block cipher mode of operation out there, and the PyCrypto documentation for it sucks.
Here's some sample code that uses the fast Crypto.Util.Counter implementation:
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Util import Counter
# Pick a random 64-bit nonce
nonce = get_random_bytes(8)
# Encrypt using AES-256 in CTR mode
e = AES.new("k"*16, AES.MODE_CTR, counter=
ciphertext = e.encrypt("hello world!")
# Decrypt using AES-256 in CTR mode
d = AES.new("k"*16, AES.MODE_CTR, counter=
plaintext = d.decrypt(
Here's some functionally equivalent code that uses plain Python, rather than the faster Crypto.Util.Counter implementation:
from Crypto.Cipher import AES
from Crypto.Random import get_random_bytes
from Crypto.Util.number import bytes_to_long, long_to_bytes
class MyCounter(object):
def __init__(self, nonce):
self.c = (bytes_
def __call__(self):
self.c += 1
return long_to_
# Pick a random 64-bit nonce
nonce = get_random_bytes(8)
# Encrypt using AES-256 in CTR mode
e = AES.new("k"*32, AES.MODE_CTR, counter=
ciphertext = e.encrypt("hello world!")
# Decrypt using AES-256 in CTR mode
d = AES.new("k"*32, AES.MODE_CTR, counter=
plaintext = d.decrypt(
| Changed in pycrypto: | |
| status: | New → Confirmed |
| description: | updated |
| Andrew Cooke (ato2gx513oupn-andrew-n1by9anq91ai4) wrote | #1 |
| Andrew Cooke (ato2gx513oupn-andrew-n1by9anq91ai4) wrote | #2 |
isn't it better to use the full block size as a random offset and then wraparound? that way you distribute even duplicate messages across the entire space available.