From: Fruhwirth Clemens <clemens@endorphin.org>
To: Andi Kleen <ak@suse.de>
Cc: Jörn Engel <joern@wohnheim.fh-wedel.de>,
Fruhwirth Clemens <clemens-dated-1056968093.cf44@endorphin.org>,
linux-kernel@vger.kernel.org
Subject: Re: [PATCH] Initial Vector Fix for loop.c.
Date: Fri, 20 Jun 2003 13:15:40 +0200
Message-ID: <20030620111540.GA2649@ghanima.endorphin.org>
In-Reply-To: <20030620104953.GD26678@wotan.suse.de>
On Fri, Jun 20, 2003 at 12:49:53PM +0200, Andi Kleen wrote:
Comment: [1] stands for cryptoloop's CBC mode.
> [1] the problem is that it is too predictable. consider block 0,
> which is usually filled with zeros. It also has IV==0. This means
> it is 100% equivalent to CBC and worse even has known plaintext.
> Same problem applies to other blocks - the layout of most
> installations generated by standard installers is quite predictable.
> Fixing it is simple, but requires a new secret per file system.
Adding another secret doesn't improve security in that case.
Of course the first block is vulnerable to known plaintext attacks, but you
can only prevent those if you make the IV dependent on another secret, the
key for example. But then you could have also just increased the key size,
which somehow automatically leads to the conclusion: the key is the only
secret which matters. You don't add security if you split the secret.
Clemens
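The weakness Andi describes (a public sector-number IV, so sector 0 gets IV == 0 and, with zero-filled plaintext, hands out the raw cipher's output on a known input) and the key-derived IV that Clemens's reply mentions, as an added example that is not part of the original thread or of the cryptoloop code. The block cipher is a stand-in Feistel construction rather than AES, the key-dependent IV scheme (encrypt the sector number under a hash of the key) is an assumption for illustration only, and the key and sector numbers are constructed.

```python
import hashlib
import hmac

BLOCK = 16    # 128-bit blocks, as with AES
SECTOR = 512  # loop device sector size


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher: an 8-round Feistel network with an
    HMAC-SHA256 round function. It is NOT AES and not cryptoloop's cipher;
    it only has to be a deterministic keyed permutation for this demo."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for rnd in range(8):
        f = hmac.new(key, bytes([rnd]) + right, hashlib.sha256).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right


def cbc_encrypt_sector(key: bytes, iv: bytes, sector: bytes) -> bytes:
    """Plain CBC over one sector: C[i] = E_K(P[i] XOR C[i-1]), with C[-1] = IV."""
    assert len(sector) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(sector), BLOCK):
        prev = block_encrypt(key, _xor(sector[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def sector_iv(sector_no: int) -> bytes:
    """cryptoloop-style IV: the sector number itself, so sector 0 gets
    IV == 0 and every IV is public."""
    return sector_no.to_bytes(BLOCK, "little")


def keyed_iv(key: bytes, sector_no: int) -> bytes:
    """IV that depends on the key: the sector number encrypted under a hash
    of the key (assumed construction for this example, not cryptoloop's)."""
    return block_encrypt(hashlib.sha256(key).digest(), sector_iv(sector_no))


def sector_iv_fn(key: bytes, sector_no: int) -> bytes:
    # Same call shape as keyed_iv so both schemes can be compared.
    return sector_iv(sector_no)


def attacker_cipher_inputs(sector_nos, known_first_block: bytes):
    """What someone WITHOUT the key can compute under the sector-number IV:
    the exact block-cipher input for the first block of each sector, given
    known plaintext there (for example all zeros)."""
    return [_xor(known_first_block, sector_iv(n)) for n in sector_nos]


def leaks_known_pairs(key: bytes, iv_fn, sector_nos=(0, 1, 7)) -> bool:
    """True if the first ciphertext block of every zero-filled sector equals
    E_K applied to a key-independent, attacker-computable input, i.e. the
    disk hands out known (input, output) pairs for the raw block cipher."""
    zero_sector = bytes(SECTOR)
    inputs = attacker_cipher_inputs(sector_nos, zero_sector[:BLOCK])
    observed = [cbc_encrypt_sector(key, iv_fn(key, n), zero_sector)[:BLOCK]
                for n in sector_nos]
    return all(block_encrypt(key, x) == c for x, c in zip(inputs, observed))


def demo():
    key = b"constructed-demo-key-not-secret!"  # constructed 32-byte key
    return leaks_known_pairs(key, sector_iv_fn), leaks_known_pairs(key, keyed_iv)


if __name__ == "__main__":
    print(demo())
```

With the sector-number IV the first block of sector 0 is E_K(0 XOR 0) = E_K(0), and sector n yields E_K(n): the chaining adds nothing the attacker does not already know, which is the "equivalent to CBC with known plaintext" point above. With the key-derived IV the cipher input for that block is no longer computable without the key, so the check returns False. Note that the second scheme draws its IV key from the same secret, matching Clemens's argument that a separate secret is not what buys the improvement.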