From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S262710AbTFTKgO (ORCPT ); Fri, 20 Jun 2003 06:36:14 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S262714AbTFTKgO (ORCPT ); Fri, 20 Jun 2003 06:36:14 -0400 Received: from ns.suse.de ([213.95.15.193]:15370 "EHLO Cantor.suse.de") by vger.kernel.org with ESMTP id S262710AbTFTKgN (ORCPT ); Fri, 20 Jun 2003 06:36:13 -0400 Date: Fri, 20 Jun 2003 12:49:53 +0200 From: Andi Kleen To: J?rn Engel Cc: Andi Kleen , Fruhwirth Clemens , linux-kernel@vger.kernel.org Subject: Re: [PATCH] Initial Vector Fix for loop.c. Message-ID: <20030620104953.GD26678@wotan.suse.de> References: <20030620090612.GA1322@ghanima.endorphin.org.suse.lists.linux.kernel> <20030620101452.GA2233@ghanima.endorphin.org> <20030620102455.GC26678@wotan.suse.de> <20030620103538.GA28711@wohnheim.fh-wedel.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20030620103538.GA28711@wohnheim.fh-wedel.de> Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org > That leaves the question of what the default behaviour should be. If > we have to switch to 512Byte in the long run anyway, there is little > point in postponing the pain. Make it the default, and old behaviour > depends on the flag. In my opinion it doesn't make much difference. crypto-loop has broken beyond belief[1] IV anyways, so they will eventually need to change it. Or just use CBC, which is simpler and compatible and has nearly equivalent security to the easily predictable IV :-) And when they change it they can as well set the flag. Also I think Clemens is exaggerating the problem too. The old 2.2 behaviour of using absolute IVs caused quite some problems, but the relative IVs used in 2.4 are not that bad because it is near always used with 4K blocks (there are exceptions to this, but they're quite rare assuming your file systems are all big enough and you don't use a S390) -Andi [1] the problem is that it is too predictable. consider block 0, which is usually filled with zeros. It also has IV==0. This means it it 100% equivalent to CBC and worse even has known plain text. Same problem applies to other blocks - the layout of most installations generated by standard installers is quite predictible. Fixing it is simple, but requires a new secret per file system.