From: Heinz Diehl <htd+ml@fritha.org>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] inner workings of block mode encryption
Date: Sun, 8 Feb 2015 18:42:02 +0100
Message-ID: <20150208174202.GA7437@fritha.org>
In-Reply-To: <mb831m$4q8$1@ger.gmane.org>
On 08.02.2015, U.Mutlu wrote:
> Knowing just one cleartext file, for example a well known static
> system file from the /etc directory, and its encrypted data, could
> easily lead to the master key (assuming the encrypted volume
> contains such system files).
Neither AES, Serpent nor Twofish is prone to known-plaintext attacks.
Breaking some rounds is not the same as breaking the cipher.
> OTOH, a streaming crypto solution (I think also called 'asymmetric'),
> i.e. where each block gets encrypted with a new key derived from
> the previous/initial key together with xoring with varying parts
> of the user data in the block, would IMO make up a much more secure crypto
> solution.
You're mixing up symmetric/asymmetric crypto and block cipher modes. A stream
cipher is a symmetric key cipher. The random keystream is used to encrypt the
plaintext, using its seed as the "key". (Btw: dm-crypt works symmetrically, too.)
An example of asymmetric encryption would be GPG, which uses a public/private
keypair.
What you describe reminds me of the (ages old, around 1980?) CBC mode, where the IV is
derived from the previous encrypted block. The first plaintext block is XORed
with an IV of the same size as the plaintext block itself. CBC is therefore prone to
chosen-plaintext attacks. The last "C" in the name says it.
All of this is by no means specific to LUKS/dm-crypt. And there are surely a
lot of others with deeper knowledge who can explain this better to you.
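The CBC chaining and the chained-IV chosen-plaintext check described in the message above, as an added worked example that is not part of the original thread and not dm-crypt/LUKS code. The block cipher is a toy Feistel construction over SHA-256 standing in for AES/Serpent/Twofish; the "victim session", the key, the known header block and the /etc-style secret block are all constructed for the illustration. It shows two things: C_i = E_K(P_i XOR C_{i-1}) with C_0 = IV, so repeated plaintext blocks no longer repeat in the ciphertext; and that when the IV of the next message is the last ciphertext block of the previous one, an attacker who sees the ciphertext knows the IV in advance and can confirm a guess of an earlier plaintext block (for example a well-known /etc line) by submitting guess XOR C_{i-1} XOR IV. With a fresh random IV chosen after the attacker commits, the same probe tells the attacker nothing.

```python
"""Toy CBC mode: chaining, and the chosen-plaintext check a predictable (chained) IV permits.

Added example only: the cipher is a toy Feistel network on SHA-256, not AES/Serpent/Twofish,
and nothing here is dm-crypt/LUKS code. Sample key, header and secret block are constructed.
"""
import hashlib
import secrets

BLOCK = 16   # block size in bytes
ROUNDS = 8   # Feistel rounds of the toy cipher


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function: keyed hash of one half-block, truncated to half a block.
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 128-bit block cipher E_K (stand-in for the real cipher)."""
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(ROUNDS):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right


def decrypt_block(key: bytes, block: bytes) -> bytes:
    """Inverse of encrypt_block: run the Feistel rounds backwards."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in reversed(range(ROUNDS)):
        left, right = xor(right, _f(key, rnd, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """C_0 = IV; C_i = E_K(P_i XOR C_{i-1}). The first block is XORed with the IV,
    every later block with the previous ciphertext block."""
    assert len(plaintext) % BLOCK == 0
    prev, out = iv, []
    for i in range(0, len(plaintext), BLOCK):
        prev = encrypt_block(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    """P_i = D_K(C_i) XOR C_{i-1}."""
    prev, out = iv, []
    for i in range(0, len(ciphertext), BLOCK):
        cur = ciphertext[i:i + BLOCK]
        out.append(xor(decrypt_block(key, cur), prev))
        prev = cur
    return b"".join(out)


class ChainedIvSession:
    """Constructed victim: encrypts successive messages under one key and reuses the
    last ciphertext block of each message as the IV of the next ("IV derived from the
    previous encrypted block"). The attacker sees every ciphertext, hence every next IV."""

    def __init__(self, key: bytes, first_iv: bytes):
        self.key, self.next_iv = key, first_iv

    def encrypt(self, plaintext: bytes) -> bytes:
        ct = cbc_encrypt(self.key, self.next_iv, plaintext)
        self.next_iv = ct[-BLOCK:]
        return ct


def confirm_guess(session: ChainedIvSession, c_prev: bytes, c_target: bytes, guess: bytes) -> bool:
    """Chosen-plaintext check. c_target = E_K(P XOR c_prev) for an unknown P.
    Submitting guess XOR c_prev XOR next_iv makes the victim compute E_K(guess XOR c_prev),
    which equals c_target exactly when guess == P."""
    probe = xor(xor(guess, c_prev), session.next_iv)
    return session.encrypt(probe)[:BLOCK] == c_target


def confirm_guess_random_iv(key: bytes, c_prev: bytes, c_target: bytes, guess: bytes, predicted_iv: bytes) -> bool:
    """Same probe against a victim that draws a fresh random IV after the attacker commits:
    the XOR cancellation fails, so the comparison carries no information about P."""
    probe = xor(xor(guess, c_prev), predicted_iv)
    return cbc_encrypt(key, secrets.token_bytes(BLOCK), probe)[:BLOCK] == c_target


def demo() -> tuple:
    """Returns (correct guess confirmed, wrong guess confirmed, correct guess vs random IV)."""
    key = secrets.token_bytes(16)                       # constructed session key
    session = ChainedIvSession(key, secrets.token_bytes(BLOCK))
    header = b"known header blk"                        # constructed block the attacker knows
    secret = b"root:x:0:0:root:"                        # constructed "well-known /etc" block to recover
    ct = session.encrypt(header + secret)               # attacker observes ct, so knows the next IV
    c_prev, c_target = ct[:BLOCK], ct[BLOCK:2 * BLOCK]
    right = confirm_guess(session, c_prev, c_target, secret)
    wrong = confirm_guess(session, c_prev, c_target, b"toor:x:0:0:toor:")
    blind = confirm_guess_random_iv(key, c_prev, c_target, secret, session.next_iv)
    return right, wrong, blind


if __name__ == "__main__":
    print(demo())
```

The point of the example is that the weakness lies in the attacker knowing the IV before choosing the plaintext, which is what chaining the IV from the previous ciphertext gives away; the cipher itself (here a toy, in practice AES/Serpent/Twofish) is never attacked.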
Thread overview (7+ messages):
2015-02-08 14:06 [dm-crypt] inner workings of block mode encryption U.Mutlu
2015-02-08 14:22 ` Ralf Ramsauer
2015-02-08 16:31 ` U.Mutlu
2015-02-08 17:42 ` Heinz Diehl [this message]
2015-02-08 21:34 ` Ralf Ramsauer
2015-02-09 2:14 ` Arno Wagner
2015-02-09 1:53 ` Arno Wagner