pp 36 and 37.

I understand the SimpleCTRExample with the exception of the part detailing how the IV ending in 3 zeros and one byte tells me that I should limit my processing to data that is no more than 2^35 bytes. How does 0001 tell me that? Also, can anyone explain the pat about how the first 4 bytes of the IV determine the number of messages that can be encrypted?

Bryan

In the example IV is divided into two sections - the first four bytes are a random number fulfilling the role of a tradition initialisation vector, the second 4 bytes start at 00000001 and are incremented as each byte is processed. If the counter gets to ffffffff adding one will set the counter bytes back to zero and add one to the first 4 bytes - thus cycling the counter. This can be a problem if the first 4 bytes are the same for two identical or similar messages (they look the same encrypted for the same key), likewise the cycling can introduce this problem if sections of the message stream are similar, consequently the safest approach is to only process messages within the range of the counter bytes (in this case 00000001 to ffffffff) and not re-use the IV bytes for other messages.

Regards,

David