From: Milan Broz <gmazyland@gmail.com>
To: Mike Snitzer <snitzer@redhat.com>
Cc: dm-devel@redhat.com
Subject: Re: [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers.
Date: Mon, 28 Oct 2013 17:58:35 +0100 [thread overview]
Message-ID: <526E97BB.2080604@gmail.com> (raw)
In-Reply-To: <20131028160849.GB25212@redhat.com>
On 28.10.2013 17:08, Mike Snitzer wrote:
> What does TCW mean? How does it relate to CBC?
> - Is TCW mode: "CBC mode with some additional tweaks"?
Yes, as said in previous mail, it is just shortcut.
>
>> While TCRYPT CBC mode is legacy and is known to be vulnerable
>> to some watermarking attacks (e.g. revealing of hidden disk
>> existence) it can be still useful to mount old containers
>> without using 3rd party software or for independent forensic
>> analysis of such containers.
>
> Now you're switching back to referring to "TCRYPT CBC mode". What
> happened to "TCW mode"?
I am talking about implementation in general, not dmcrypt specific one.
It is still the same mode of course.
>> There is also second key used for "whitening" of sectors.
>> Whitening key is xored with sector number and mixed using
>> CRC32 and resulting value is applied to whole sector.
>> (Detailed calculation is in Truecrypt documentation for version < 4.1
>> and will be also described on dmcrypt site.)
>
> Can you add a pointer to the Truecrypt documentation for < 4.1?
I am afraid they removed all old documentation from site.
(but search google e.g. for truecrypt-3.1a-user-guide.pdf or
some similar version which use CBC mode, whitening and IV
generator is described there as well)
> Or a pointer to the dmcrypt site documentation?
Description is not yet there (once it is in kernel I will add it)
but link is referenced even from kernel Documentation
http://code.google.com/p/cryptsetup/wiki/DMCrypt
(and yes, seems that IV generators need better description there)
Thanks,
Milan
next prev parent reply other threads:[~2013-10-28 16:58 UTC|newest]
Thread overview: 17+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-10-20 13:16 [PATCH 1/2] dm-crypt: Properly handle extra key string in initialization Milan Broz
2013-10-20 13:16 ` [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers Milan Broz
2013-10-28 16:08 ` Mike Snitzer
2013-10-28 16:58 ` Milan Broz [this message]
2013-10-28 15:44 ` [PATCH 1/2] dm-crypt: Properly handle extra key string in initialization Mike Snitzer
2013-10-28 16:46 ` Milan Broz
2013-10-28 22:21 ` Milan Broz
2013-10-28 22:21 ` [PATCH 2/2] dm-crypt: Add TCW IV mode for old CBC TCRYPT containers Milan Broz
2013-10-30 0:50 ` Mike Snitzer
2013-10-30 18:12 ` Alasdair G Kergon
2013-11-02 21:24 ` [PATCH 3/4] dm-crypt: Fix code formatting to make agk happy Milan Broz
2013-11-02 21:24 ` [PATCH 4/4] dm-crypt: Fix sparse (different base types) warnings Milan Broz
2013-11-05 13:41 ` Alasdair G Kergon
2013-10-30 0:49 ` [PATCH 1/2] dm-crypt: Properly handle extra key string in initialization Mike Snitzer
2013-10-30 2:48 ` Alasdair G Kergon
2013-10-30 19:30 ` Milan Broz
2013-10-30 3:23 ` Alasdair G Kergon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=526E97BB.2080604@gmail.com \
--to=gmazyland@gmail.com \
--cc=dm-devel@redhat.com \
--cc=snitzer@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.