From: Mark Borgerding <mark@borgerding.net>
To: linux-kernel@vger.kernel.org
Subject: Re: PROBLEM: AES cryptoloop corruption under recent -mm kernels
Date: Fri, 16 Jan 2004 12:10:08 -0500
Message-ID: <40081AF0.5060907@borgerding.net>
In-Reply-To: <Xine.LNX.4.44.0401161039480.20623-100000@thoron.boston.redhat.com>
James Morris wrote:
> On Fri, 16 Jan 2004, Mark Borgerding wrote:
>
>> From looking through the cryptoloop code, it looks like the IV for CBC
>> mode is always the sector index. It seems this could be weak against
>> chosen plaintext attacks, as well as allowing an attacker to know which
>> cipher blocks started any changes between two snapshots of the
>> ciphertext. I discuss ECB, since I wouldn't consider using it.
>
> Eli Biham has suggested encrypting the sector numbers, see
> http://people.redhat.com/jmorris/crypto/cryptoloop_eli_biham.txt
>
> - James
This does not defend against a dictionary attack. The IV is still
deterministic for a given sector and hypothesized password. Thus the
ciphertext for a given plaintext at that sector is still deterministic.

Thinking of it another way, this is equivalent to CBC mode having two
IVs: the first one being the sector number, the second a block of zeros.

- Mark
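The argument above can be checked mechanically. The following is an added example, not code from the thread, cryptoloop or Eli Biham's note: a stdlib-only model of CBC sector encryption with (a) the IV equal to the sector number and (b) the IV equal to the sector number encrypted under the volume key, the scheme James cites. AES is replaced by a toy 4-round Feistel network built on SHA-256 so the script runs with no third-party packages, and the password-to-key derivation (SHA-256 of the passphrase) is an assumption, not cryptoloop's. The script shows that both IV choices leave the ciphertext of a known plaintext at a given sector deterministic, that a snapshot diff still reveals the first changed block under both, that an offline dictionary attack recovers the password under both, and that scheme (b) is exactly scheme (a) applied to a zero block prepended to the plaintext with that first output block discarded.

```python
# Added example (not from the thread): deterministic-IV CBC on disk sectors.
# Toy block cipher and key derivation are stand-ins, labelled below.
import hashlib

BLOCK = 16      # 128-bit blocks, like AES
SECTOR = 512    # bytes per sector


def _round_fn(key: bytes, i: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def encrypt_block(key: bytes, block: bytes) -> bytes:
    """Toy 16-byte block cipher: 4-round Feistel network keyed by SHA-256.
    It is a keyed permutation (deterministic, invertible), which is all
    the argument needs; it stands in for AES, it is not AES."""
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, _round_fn(key, i, right))
    return left + right


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    out, prev = [], iv
    for off in range(0, len(data), BLOCK):
        prev = encrypt_block(key, xor(data[off:off + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def iv_plain(key: bytes, sector: int) -> bytes:
    """Scheme (a): the IV is the sector index itself (key unused)."""
    return sector.to_bytes(BLOCK, "little")


def iv_encrypted(key: bytes, sector: int) -> bytes:
    """Scheme (b): the IV is the sector index encrypted under the key."""
    return encrypt_block(key, sector.to_bytes(BLOCK, "little"))


def derive_key(password: str) -> bytes:
    # Assumption for the example: key = SHA-256(passphrase).
    return hashlib.sha256(password.encode()).digest()


def encrypt_sector(key: bytes, sector: int, plaintext: bytes, iv_fn) -> bytes:
    return cbc_encrypt(key, iv_fn(key, sector), plaintext)


def first_changed_block(ct_a: bytes, ct_b: bytes):
    """Block index where two snapshots of a sector's ciphertext first differ."""
    for off in range(0, len(ct_a), BLOCK):
        if ct_a[off:off + BLOCK] != ct_b[off:off + BLOCK]:
            return off // BLOCK
    return None


def dictionary_attack(sector, known_plaintext, ciphertext, candidates, iv_fn):
    """Offline guess: re-encrypt the known plaintext under each candidate
    password and compare. Works for either IV scheme, because both IVs are
    a deterministic function of (key, sector) and nothing else."""
    for pw in candidates:
        if encrypt_sector(derive_key(pw), sector, known_plaintext, iv_fn) == ciphertext:
            return pw
    return None


def two_iv_equivalence(key: bytes, sector: int, plaintext: bytes) -> bool:
    """CBC with IV = E_K(sector) equals CBC with IV = sector over a zero
    block prepended to the plaintext, with that first output block dropped:
    the first block then comes out as E_K(0 XOR sector) = E_K(sector)."""
    a = encrypt_sector(key, sector, plaintext, iv_encrypted)
    b = cbc_encrypt(key, iv_plain(key, sector), bytes(BLOCK) + plaintext)[BLOCK:]
    return a == b


def demo() -> dict:
    # Constructed sample data: two snapshots of one sector differing at byte 100.
    key, sector = derive_key("hunter2"), 1234
    snapshot1 = b"A" * SECTOR
    snapshot2 = snapshot1[:100] + b"B" + snapshot1[101:]
    wordlist = ["password", "letmein", "hunter2"]
    results = {}
    for name, iv_fn in (("sector-iv", iv_plain), ("encrypted-sector-iv", iv_encrypted)):
        c1 = encrypt_sector(key, sector, snapshot1, iv_fn)
        c2 = encrypt_sector(key, sector, snapshot2, iv_fn)
        results[name] = {
            "deterministic": c1 == encrypt_sector(key, sector, snapshot1, iv_fn),
            "first_changed_block": first_changed_block(c1, c2),
            "recovered": dictionary_attack(sector, snapshot1, c1, wordlist, iv_fn),
        }
    results["two_iv_equivalence"] = two_iv_equivalence(key, sector, snapshot1)
    return results


if __name__ == "__main__":
    for k, v in demo().items():
        print(k, v)
```

Under both IV schemes `demo()` reports the same thing: the ciphertext is reproducible, the edit at byte 100 shows up as the first difference at block 6 (blocks 0 to 5 are unchanged, everything from block 6 onward changes because CBC chains forward), and the wordlist attack lands on the right password. Encrypting the sector number only hides which sector an IV belongs to from someone who does not hold the key; it adds no per-write freshness.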
Thread overview (19+ messages):
2004-01-14 20:36 PROBLEM: AES cryptoloop corruption under recent -mm kernels Jim Faulkner
2004-01-14 20:41 ` Jim Faulkner
2004-01-14 20:52 ` Andrew Morton
2004-01-14 23:30 ` Jim Faulkner
2004-01-15 2:44 ` Matthias Hentges
2004-01-15 16:57 ` Jari Ruusu
2004-01-15 17:24 ` Jim Faulkner
2004-01-15 20:33 ` Jari Ruusu
2004-01-15 22:59 ` Hans Reiser
2004-01-16 14:21 ` Mark Borgerding
2004-01-16 15:42 ` James Morris
2004-01-16 17:10 ` Mark Borgerding [this message]
2004-01-17 2:47 ` David Wagner
2004-01-17 16:13 ` Mark Borgerding
2004-01-17 20:39 ` Shawn Willden
[not found] ` <4007EBDA.2060308@borgerding.net>
[not found] ` <4007F79C.80A5DE72@users.sourceforge.net>
[not found] ` <400818AA.9080009@borgerding.net>
2004-01-16 21:43 ` Jari Ruusu
2004-01-15 18:16 ` James Morris
2004-02-01 17:19 ` Pasi Kärkkäinen
2004-02-01 19:40 ` markus reichelt