http://disqus.com/by/lazappa/enThu, 10 Sep 2009 12:29:16 -0000http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html#comment-16310349<p>Thanks for the reply. I just re-read the section that had me worried more carefully and it is indicating that reusing the same counter block with a secret key compromises that secret key, as you mention. The document starts calling the combination of the counter and the secret key a key stream in section 7 (Security Considerations). I was confusing key stream with secret key since the distinction in the RFC is subtle.</p>lazappaThu, 10 Sep 2009 12:29:16 -0000http://www.daemonology.net/blog/2009-06-11-cryptographic-right-answers.html#comment-16301618<p>I came upon this post at an opportune time while working on some new cryptographic features at my workplace. This prompted me to learn a bit more about the specifics of the recommendations made here. Not being familiar with CTR mode, I went and read over RFC 3686 which describes a similar approach to your recommendation. A major thing that it recommends that isn't mentioned here is that CTR is not appropriate for using with static keys. I haven't taken the time yet to fully digest why, but that seems like a big caveat to keep in mind.</p>lazappaThu, 10 Sep 2009 09:33:02 -0000