By my reading of the documentation of the AES package in hackage (http://hackage.haskell.org/packages/archive/AES/0.2.7/doc/html/Codec-Crypto-...), the sizes of the strict bytestring chunks of the lazy bytestring given to crypt must be multiples of 16 bytes or the resulting output will act as though the strict bytestrings were padded to 16 bytes with zeroes. I'm having trouble seeing this behaviour, so I'm wondering if I'm mis-reading the documentation or if I'm not understanding what's happening. Here's a ghci run: Prelude> import Codec.Crypto.AES Prelude Codec.Crypto.AES> let lconcat = Data.ByteString.Lazy.concat Prelude Codec.Crypto.AES> let lpack=Data.ByteString.Lazy.Char8.pack Prelude Codec.Crypto.AES> let strict = Data.ByteString.concat $ Data.ByteString.Lazy.toChunks $ lconcat [lpack "hi", lpack "there", lpack "everybody"] Prelude Codec.Crypto.AES> let lazy = lconcat [lpack "hi", lpack "there", lpack "everybody"] Prelude Codec.Crypto.AES> lazy Chunk "hi" (Chunk "there" (Chunk "everybody" Empty)) Prelude Codec.Crypto.AES> let pw = pack "0123456789abcdef" Prelude Codec.Crypto.AES> let sencode = crypt' CTR pw pw Encrypt strict Prelude Codec.Crypto.AES> let lencode = crypt CTR pw pw Encrypt lazy Prelude Codec.Crypto.AES> Data.ByteString.concat $ Data.ByteString.Lazy.toChunks lencode "\SUB\ESC\n\224{\174\152dv\194j\DC1\ESCf\209\FS" Prelude Codec.Crypto.AES> sencode "\SUB\ESC\n\224{\174\152dv\194j\DC1\ESCf\209\FS" So, I'm not seeing the padding of each strict bytestring of the lazy bytestring in the output encoding. I'd say that's a good thing, but it's not what I expect from the documentation, so I'd just like to know if I'm doing something wrong before I go and depend on lazy bytestrings working like this.