From: Henrik Theiling <theiling@absint.com>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] 1,5 TB partition: use cbc-essiv or xts-plain?
Date: Tue, 04 Aug 2009 15:27:20 +0200 [thread overview]
Message-ID: <of8zlaf3e13.fsf@stahl.absint.com> (raw)
In-Reply-To: <20090804004626.4a811f96@gmail.com> (Moji's message of "Tue\, 4 Aug 2009 00\:46\:26 +0300")
Hi!
Moji writes:
>...
> Also, based on the information I have posted, and assuming that you
> will not be using raid to break up the device, I would recommend:
>
> serpent-cbc-essiv:sha256
>
> serpent because it is very strong cipher, even though it has not as
> much testing as AES, and cbc-essiv, because I have not seen any
> reports of inherent vulnerabilities on larger devices.
Thanks for the recommendation and the explaining!
From what I understand, the Wikipedia lists a decryption attack
against any form of CBC regardless of the IV method. It always works
because of the simple chaining using the previous cypher text: for
decrypting any but the first block of a sector, you do not need the
IV, but the only thing you need is the previous encrypted block, which
you naturally have. So if you can ask for decryption of a single
sector on the device, you can decrypt all but the first block of any
other sector of the device, too, by simply copying the desired block
to the block you can decrypt.
However, I think if anyone can decrypt a single sector of my harddisk,
they can decrypt any sector anyway, so this seems like no problem to
me.
From the wording of the Wikipedia article, however, it is not
completely clear to me how serious the watermarking attack on CBC is.
The IV function is known, so can two blocks be easily constructed in
such a way that their cbc-essiv:sha256 encryption (with whatever main
algorithm) is identical? You'd need to know the sector for that plus
break SHA256, because ESSIV uses the hash of the encryption key plus
the sector number to generate the IV, right? If I understood that
correctly, then I can safely get back to relaxing, enjoying the summer
and drinking beer instead of thinking about this any longer.
**Henrik
next prev parent reply other threads:[~2009-08-04 13:27 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-03 12:53 [dm-crypt] 1,5 TB partition: use cbc-essiv or xts-plain? Henrik Theiling
2009-08-03 14:34 ` Heinz Diehl
2009-08-03 16:16 ` Henrik Theiling
2009-08-03 17:34 ` Heinz Diehl
2009-08-03 17:37 ` Heinz Diehl
2013-01-03 9:50 ` Peter Pfundstein
2009-08-03 14:43 ` [dm-crypt] E3E-2A1 - 1, 5 " Heinz Diehl
2009-08-03 20:48 ` [dm-crypt] 1,5 " Moji
2009-08-04 7:42 ` Milan Broz
2009-08-04 13:01 ` Henrik Theiling
2009-08-03 21:46 ` Moji
2009-08-04 13:27 ` Henrik Theiling [this message]
2009-08-04 13:55 ` Moji
2009-08-06 11:02 ` Salatiel Filho
2009-08-06 14:32 ` Henrik Theiling
2009-08-06 15:24 ` Heinz Diehl
2009-08-06 16:00 ` Salatiel Filho
2009-08-06 16:02 ` Salatiel Filho
2009-08-07 12:16 ` Salatiel Filho
2009-08-07 12:20 ` Salatiel Filho
2009-08-07 16:00 ` Salatiel Filho
2009-08-08 8:27 ` Heinz Diehl
2009-08-08 10:03 ` Salatiel Filho
2009-08-06 15:43 ` Sam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=of8zlaf3e13.fsf@stahl.absint.com \
--to=theiling@absint.com \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox