From: Andi Kleen <ak@suse.de>
To: J?rn Engel <joern@wohnheim.fh-wedel.de>
Cc: Andi Kleen <ak@suse.de>,
Fruhwirth Clemens <clemens-dated-1056968093.cf44@endorphin.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Initial Vector Fix for loop.c.
Date: Fri, 20 Jun 2003 12:49:53 +0200 [thread overview]
Message-ID: <20030620104953.GD26678@wotan.suse.de> (raw)
In-Reply-To: <20030620103538.GA28711@wohnheim.fh-wedel.de>
> That leaves the question of what the default behaviour should be. If
> we have to switch to 512Byte in the long run anyway, there is little
> point in postponing the pain. Make it the default, and old behaviour
> depends on the flag.
In my opinion it doesn't make much difference. crypto-loop
has broken beyond belief[1] IV anyways, so they will
eventually need to change it. Or just use CBC, which is simpler
and compatible and has nearly equivalent security to the easily
predictable IV :-) And when they change it they can as well set the flag.
Also I think Clemens is exaggerating the problem too.
The old 2.2 behaviour of using absolute IVs caused quite
some problems, but the relative IVs used in 2.4 are
not that bad because it is near always used with 4K
blocks (there are exceptions to this, but they're quite
rare assuming your file systems are all big enough
and you don't use a S390)
-Andi
[1] the problem is that it is too predictable. consider block 0,
which is usually filled with zeros. It also has IV==0. This means
it it 100% equivalent to CBC and worse even has known plain text.
Same problem applies to other blocks - the layout of most
installations generated by standard installers is quite predictible.
Fixing it is simple, but requires a new secret per file system.
next prev parent reply other threads:[~2003-06-20 10:36 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20030620090612.GA1322@ghanima.endorphin.org.suse.lists.linux.kernel>
2003-06-20 9:30 ` [PATCH] Initial Vector Fix for loop.c Andi Kleen
2003-06-20 10:14 ` Fruhwirth Clemens
2003-06-20 10:24 ` Andi Kleen
2003-06-20 10:33 ` Fruhwirth Clemens
2003-06-20 10:35 ` Jörn Engel
2003-06-20 10:49 ` Andi Kleen [this message]
2003-06-20 10:52 ` Andi Kleen
2003-06-20 11:15 ` Fruhwirth Clemens
2003-06-20 10:51 ` Fruhwirth Clemens
2003-06-20 11:03 ` Jörn Engel
2003-06-21 2:18 ` Jan Rychter
2003-06-24 18:22 ` Bill Davidsen
2003-06-20 17:56 ` Andrew Morton
2003-06-20 18:14 ` David S. Miller
2003-06-20 19:04 ` Andries Brouwer
2003-06-20 13:38 Fruhwirth Clemens
-- strict thread matches above, loose matches on Subject: below --
2003-06-20 9:06 Fruhwirth Clemens
2003-06-20 9:23 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20030620104953.GD26678@wotan.suse.de \
--to=ak@suse.de \
--cc=clemens-dated-1056968093.cf44@endorphin.org \
--cc=joern@wohnheim.fh-wedel.de \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.