public inbox for linux-kernel@vger.kernel.org
From: Mark Borgerding <mark@borgerding.net>
To: linux-kernel@vger.kernel.org
Subject: Re: PROBLEM: AES cryptoloop corruption under recent -mm kernels
Date: Fri, 16 Jan 2004 12:10:08 -0500	[thread overview]
Message-ID: <40081AF0.5060907@borgerding.net> (raw)
In-Reply-To: <Xine.LNX.4.44.0401161039480.20623-100000@thoron.boston.redhat.com>

James Morris wrote:

> On Fri, 16 Jan 2004, Mark Borgerding wrote:
>
>> From looking through the cryptoloop code, it looks like the IV for CBC
>> mode is always the sector index.  It seems this could be weak against
>> chosen plaintext attacks, as well as allowing an attacker to know which
>> cipher blocks started any changes between two snapshots of the
>> ciphertext.  I discuss ECB, since I wouldn't consider using it.
>
> Eli Biham has suggested encrypting the sector numbers, see
> http://people.redhat.com/jmorris/crypto/cryptoloop_eli_biham.txt
>
> - James

This does not defend against a dictionary attack.

The IV is still deterministic for a given sector and hypothesized
password.  Thus the ciphertext for a given plaintext at that sector is
still deterministic.

Thinking of it another way, this is equivalent to CBC mode having two 
IVs: the first one being the sector number, the second a block of zeros.


- Mark
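
The point Mark makes above, as an added worked example that is not code from
cryptoloop or from anyone in this thread: CBC over 512-byte sectors with the
two IV choices discussed (IV = sector index, as cryptoloop did, and
IV = E_k(sector index), as relayed from Biham), showing that both are
deterministic in (password, sector) and so confirm a guessed passphrase
against a known sector, that the first differing CBC block between two
snapshots reveals where the plaintext first changed, and that the encrypted
sector IV is exactly CBC with IV = sector over a plaintext prefixed by a
zero block. Assumptions made here: a keyed 4-round Feistel network stands in
for AES (the conclusions hold for any block cipher, but the ciphertexts do
not match real cryptoloop output), the key is an unsalted SHA-256 of the
passphrase (a simplification), and sector numbers are little-endian 64-bit
values zero-padded to one block. The passphrase list and the zeroed sample
sector are constructed for the example.

```python
# Added example, not cryptoloop's code: CBC per sector with a sector-derived
# IV is deterministic in (password, sector, plaintext).
# Assumptions: 4-round Feistel stands in for AES; key = SHA-256(passphrase);
# sector index is little-endian 64-bit, zero-padded to a 16-byte block.
import hashlib
import hmac
import struct

BLOCK = 16
SECTOR = 512


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def derive_key(password: bytes) -> bytes:
    # Unsalted passphrase hash (assumption, see lead-in).
    return hashlib.sha256(password).digest()


def _round_fn(key: bytes, i: int, half: bytes) -> bytes:
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # AES stand-in: keyed 4-round Feistel permutation over a 16-byte block.
    assert len(block) == BLOCK
    left, right = block[:8], block[8:]
    for i in range(4):
        left, right = right, xor(left, _round_fn(key, i, right))
    return left + right


def block_decrypt(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for i in reversed(range(4)):
        left, right = xor(right, _round_fn(key, i, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    assert len(data) % BLOCK == 0
    out, prev = [], iv
    for off in range(0, len(data), BLOCK):
        prev = block_encrypt(key, xor(prev, data[off : off + BLOCK]))
        out.append(prev)
    return b"".join(out)


def iv_sector_number(key: bytes, sector: int) -> bytes:
    # cryptoloop: the IV is the sector index itself (key unused).
    return struct.pack("<Q", sector) + bytes(BLOCK - 8)


def iv_encrypted_sector(key: bytes, sector: int) -> bytes:
    # Biham's suggestion as relayed in the thread: encrypt the sector index.
    return block_encrypt(key, iv_sector_number(key, sector))


def encrypt_sector(password: bytes, sector: int, plaintext: bytes, iv_fn) -> bytes:
    key = derive_key(password)
    return cbc_encrypt(key, iv_fn(key, sector), plaintext)


def dictionary_attack(ciphertext, sector, known_plaintext, candidates, iv_fn):
    # Either IV scheme is deterministic in (password, sector), so a guess is
    # confirmed by re-encrypting a sector of known plaintext and comparing.
    for guess in candidates:
        if encrypt_sector(guess, sector, known_plaintext, iv_fn) == ciphertext:
            return guess
    return None


def first_changed_block(ct_old: bytes, ct_new: bytes):
    # Two snapshots of one sector: the first differing CBC block is where the
    # plaintext first changed, since the IV and all earlier blocks are equal.
    for off in range(0, min(len(ct_old), len(ct_new)), BLOCK):
        if ct_old[off : off + BLOCK] != ct_new[off : off + BLOCK]:
            return off // BLOCK
    return None


def two_iv_equivalence(key: bytes, sector: int, data: bytes) -> bool:
    # IV = E_k(sector) equals CBC with IV = sector over [zero block || data]:
    # the first output block is E_k(sector XOR 0) = E_k(sector), which then
    # chains into the data exactly as the "encrypted sector" IV would.
    sector_block = iv_sector_number(key, sector)
    direct = cbc_encrypt(key, iv_encrypted_sector(key, sector), data)
    chained = cbc_encrypt(key, sector_block, bytes(BLOCK) + data)
    return chained[BLOCK:] == direct


if __name__ == "__main__":
    # Constructed sample: a zeroed sector (common on a fresh filesystem) at
    # sector 7 under a weak passphrase; candidate list is also constructed.
    password, sector = b"hunter2", 7
    zero_sector = bytes(SECTOR)
    candidates = [b"password", b"letmein", b"hunter2"]
    for iv_fn in (iv_sector_number, iv_encrypted_sector):
        ct = encrypt_sector(password, sector, zero_sector, iv_fn)
        print(iv_fn.__name__, "recovered:",
              dictionary_attack(ct, sector, zero_sector, candidates, iv_fn))
    changed = bytearray(zero_sector)
    changed[100] = 0x41  # one byte in block 6 of the sector changes
    ct_a = encrypt_sector(password, sector, zero_sector, iv_encrypted_sector)
    ct_b = encrypt_sector(password, sector, bytes(changed), iv_encrypted_sector)
    print("first changed block:", first_changed_block(ct_a, ct_b))
    print("two-IV equivalence:", two_iv_equivalence(derive_key(password), sector, zero_sector))
```

Both `dictionary_attack` calls recover the passphrase, because encrypting
the sector index only changes which deterministic IV is used, not the fact
that it is deterministic; the byte changed at offset 100 shows up as the
first differing ciphertext block at index 6 with the preceding 96 bytes
unchanged, which is the snapshot leakage from the first message.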


Thread overview: 19+ messages
2004-01-14 20:36 PROBLEM: AES cryptoloop corruption under recent -mm kernels Jim Faulkner
2004-01-14 20:41 ` Jim Faulkner
2004-01-14 20:52 ` Andrew Morton
2004-01-14 23:30   ` Jim Faulkner
2004-01-15  2:44   ` Matthias Hentges
2004-01-15 16:57 ` Jari Ruusu
2004-01-15 17:24   ` Jim Faulkner
2004-01-15 20:33     ` Jari Ruusu
2004-01-15 22:59       ` Hans Reiser
2004-01-16 14:21       ` Mark Borgerding
2004-01-16 15:42         ` James Morris
2004-01-16 17:10           ` Mark Borgerding [this message]
2004-01-17  2:47             ` David Wagner
2004-01-17 16:13               ` Mark Borgerding
2004-01-17 20:39             ` Shawn Willden
     [not found]       ` <4007EBDA.2060308@borgerding.net>
     [not found]         ` <4007F79C.80A5DE72@users.sourceforge.net>
     [not found]           ` <400818AA.9080009@borgerding.net>
2004-01-16 21:43             ` Jari Ruusu
2004-01-15 18:16   ` James Morris
2004-02-01 17:19     ` Pasi Kärkkäinen
2004-02-01 19:40       ` markus reichelt
