Using the nonce and counter correctly for AES-CTR mode
问题 I understand that in AES Counter mode I need to use a 128 bit nonce. The naïve way to do that would be to use a random 128 bit nonce, but I'm not sure the algorithm will be able to increment the counter correctly if it's passed as all random bits. I thought the correct way to do it is to use a 96 bit nonce and also a 32 bit counter starting at 0, for example: var key = CryptoJS.enc.Hex.parse('01ab23cd45ef67089a1b2c3d4e5f6a7b'); // 128 bits / 16 bytes var nonce = '2301cd4ef785690a1b2c3dab'; //