24758 – Check the plaintext size limitation for AES-CTR

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 24758 - Check the plaintext size limitation for AES-CTR

Summary: Check the plaintext size limitation for AES-CTR

Status:	RESOLVED WONTFIX

Alias:	None

Product:	Web Cryptography
Classification:	Unclassified
Component:	Web Cryptography API Document (show other bugs)
Version:	unspecified
Hardware:	PC All

Importance:	P2 normal
Target Milestone:	---
Assignee:	Ryan Sleevi
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-02-21 00:28 UTC by Mark Watson
Modified:	2014-02-21 02:13 UTC (History)
CC List:	0 users

See Also:

Attachments

Description Mark Watson 2014-02-21 00:28:30 UTC

Every counter block must have a different value, so the plaintext / ciphertext length is constrained to be no greater than the size of 2^length blocks.

Comment 1 Ryan Sleevi 2014-02-21 02:13:19 UTC

Quality of implementation issue. This is cryptographically no different than discussing entropy of primes.

We discuss this at every F2F it seems, and at every F2F we seem to reach consensus that it's NOT reasonable for an implementation to, for example, 'remember' every IV that was used with a given key. As such, this is at best a "prevent you from doing crypto bad", which we've agreed is not an acceptable justification in and of itself.

I can think of no possible implementation that, within space and time bounds, can reasonably provide these assurances over a generic API such as Web Cryptography.