CTR cipher mode secret counter?

Tom Source

Would it be safe to use a CTR mode this way: exchange the nonce with DH but the counter is send unencrypted together with the encrypted data.

haven't seen anything about this. IV's don't need to be secret but how is this with the nonce and counter?

i don't see a problem there as long as i use a decent encryption algorithm and use nonce + counter only ones, but incrementing only one bit for each packet in the counter makes me feel odd.

securityencryptioncryptographyencryption-asymmetric

Answers

answered 5 years ago ntoskrnl #1

The nonce does not need to be secret and keeping it secret adds no security.

According to Wikipedia, many others also felt uneasy about counter mode, but by now, "CTR mode is widely accepted, and problems resulting from the input function are recognized as a weakness of the underlying block cipher instead of the CTR mode."

comments powered by Disqus