
I'd like to create a simple file cipher which provides seekable encryption (so I can decrypt any part of the encrypted message without needing to decrypt from the start).

Here's my current idea: I generate a 128-bit IV, which will be the first 16 bytes of the encrypted file. Then I use AES CTR and encrypt the file. The initial counter value is the IV, then I increment it for each 16-byte block.

The source file is chunk-based: each chunk is followed by its SHA256. My need is to be able to read each whole chunk securely. After a chunk is decrypted, its hash will be verified.

Is this method secure (suppose that counter values don't overlap)?

Is there a better (more secure) method to achieve this?

Note: I chose to use a 128-bit IV because of the comment of Ilmari Karonen here.

geza
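
The seek arithmetic for the layout described in the question (16-byte IV, then AES-CTR ciphertext, counter incremented once per 16-byte block), as an added example that is not part of the original post. The function names `counterAt`, `encryptFile` and `decryptRange` are hypothetical, and the key, IV and plaintext are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"fmt"
	"math/big"
)

// counterAt returns the counter block for plaintext offset off: (IV + off/16) mod 2^128, big-endian.
func counterAt(iv []byte, off int64) []byte {
	c := new(big.Int).SetBytes(iv)
	c.Add(c, big.NewInt(off/aes.BlockSize))
	c.Mod(c, new(big.Int).Lsh(big.NewInt(1), 128))
	return c.FillBytes(make([]byte, aes.BlockSize))
}

// encryptFile writes the layout from the question: 16-byte IV, then the AES-CTR ciphertext.
func encryptFile(key, iv, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(iv) != aes.BlockSize {
		return nil, fmt.Errorf("bad key or IV length")
	}
	out := make([]byte, aes.BlockSize+len(pt))
	copy(out, iv)
	cipher.NewCTR(block, iv).XORKeyStream(out[aes.BlockSize:], pt)
	return out, nil
}

// decryptRange decrypts n plaintext bytes at offset off without processing earlier data.
func decryptRange(key, file []byte, off int64, n int) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(file) < aes.BlockSize || off < 0 || n < 0 || off+int64(n) > int64(len(file)-aes.BlockSize) {
		return nil, fmt.Errorf("bad key or range outside ciphertext")
	}
	iv, ct := file[:aes.BlockSize], file[aes.BlockSize:]
	skip := off % aes.BlockSize // keystream bytes of the first block to discard
	buf := make([]byte, skip+int64(n))
	cipher.NewCTR(block, counterAt(iv, off)).XORKeyStream(buf, ct[off-skip:off+int64(n)])
	return buf[skip:], nil
}

func main() {
	key, iv := bytes.Repeat([]byte{0x11}, 16), bytes.Repeat([]byte{0xA5}, 16) // constructed sample values
	file, _ := encryptFile(key, iv, []byte("chunk-0 data....chunk-1 data....chunk-2 data...."))
	got, _ := decryptRange(key, file, 21, 11) // read from the middle of the second block
	fmt.Printf("%q\n", got)
}
```

CTR on its own provides no integrity, and an unkeyed SHA-256 stored inside the ciphertext is not a MAC. Authenticating each chunk with an AEAD mode such as AES-GCM under a unique per-chunk nonce is the usual way to get both seekability and tamper detection.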

0 Answers