> From: owner-openssl-us...@openssl.org [mailto:owner-openssl- > us...@openssl.org] On Behalf Of Ken Goldman > > The standard answer: If this is a real security project, hire an > expert. If you design your own crypto algorithm, you will get it wrong. > > If this is just for fun, to learn about openssl, CTR mode will give you > random access.
The thing about CTR mode is that it needs a nonce. Good when you're engaging live communication with another party, so you can do the nonce exchange like a key exchange, but if the encrypted data is on disk for a later time... You need some way of regenerating the nonce. Which is conceptually the same thing as I originally said ... Store a second key, encrypted... Then decrypt the second key and apply it to the block number and using the result for IV. When I say "apply" to the block number, I suggested Adding or Xoring or encrypting... In CTR mode, you're basically adding the nonce & the counter, using it as the IV. So, in consideration of the two techniques: Storing an encrypted second key (or nonce) and adding or xor'ing with block number to generate IV (such as CTR mode), versus encrypting the block number with your original key to use for IV... If you store a second key (or nonce) separately, then you can decrypt the second key once, and repeatedly perform a really fast cheap operation such as add. (Such as CTR mode does.) If you directly encrypt the block number, then you don't need to store a second key, but you have to perform twice as many encryption/decryption operations, because you'll have to encrypt the block number once for every block, before you can encrypt/decrypt your data. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org