Re: PROBLEM: AES cryptoloop corruption under recent -mm kernels

From: James Morris
Date: Fri Jan 16 2004 - 10:43:59 EST

Next message: Andries Brouwer: "Re: [PATCH] Increase recursive symlink limit from 5 to 8"
Previous message: Bill Davidsen: "Re: smp dead lock of io_request_lock/queue_lock patch"
In reply to: Mark Borgerding: "Re: PROBLEM: AES cryptoloop corruption under recent -mm kernels"
Next in thread: Mark Borgerding: "Re: PROBLEM: AES cryptoloop corruption under recent -mm kernels"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, 16 Jan 2004, Mark Borgerding wrote:

> From looking through the cryptoloop code, it looks like the IV for CBC
> mode is always the sector index. It seems this could be weak against
> chosen plaintext attacks, as well as allowing an attacker to know which
> cipher blocks started any changes between two snapshots of the
> ciphertext. I discuss ECB, since I wouldn't consider using it.

Eli Biham has suggested encrypting the sector numbers, see
http://people.redhat.com/jmorris/crypto/cryptoloop_eli_biham.txt

- James
--
James Morris
<jmorris@xxxxxxxxxx>

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andries Brouwer: "Re: [PATCH] Increase recursive symlink limit from 5 to 8"
Previous message: Bill Davidsen: "Re: smp dead lock of io_request_lock/queue_lock patch"
In reply to: Mark Borgerding: "Re: PROBLEM: AES cryptoloop corruption under recent -mm kernels"
Next in thread: Mark Borgerding: "Re: PROBLEM: AES cryptoloop corruption under recent -mm kernels"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]