Re: [PATCH] Initial Vector Fix for loop.c.

From: Fruhwirth Clemens (clemens@endorphin.org)
Date: Fri Jun 20 2003 - 06:15:40 EST


On Fri, Jun 20, 2003 at 12:49:53PM +0200, Andi Kleen wrote:

Comment: [1] stands for cryptoloop's CBC mode.

> [1] the problem is that it is too predictable. consider block 0,
> which is usually filled with zeros. It also has IV==0. This means
> it is 100% equivalent to CBC and worse even has known plain text.
> Same problem applies to other blocks - the layout of most
> installations generated by standard installers is quite predictable.
> Fixing it is simple, but requires a new secret per file system.

Adding another secret doesn't improve security in that case.
Of course the first block is vulnerable to known plaintext attacks, but you
can only prevent those if you make the IV dependent on another secret, the
key for example. But then you could have also just increased the key size,
which somehow automatically leads to the conclusion: the key is the only
secret which matters. You don't add security if you split the secret.

Clemens
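As an added illustration (not part of this thread and not cryptoloop's code): a small Python model of CBC with the public sector number as IV, using a constructed toy Feistel cipher in place of the real block cipher, showing why an all-zero sector 0 puts E_k(0) on disk, and how an IV derived from the key (`keyed_iv`, an assumed construction) removes that particular known pair. Whether that is worth a second secret is the question argued above.

```python
import hashlib
import struct

BLOCK = 16    # cipher block size in bytes
SECTOR = 512  # loop device sector size in bytes


def _round(key: bytes, half: bytes, i: int) -> bytes:
    # Keyed round function of the toy Feistel cipher (constructed for this
    # demo only; it is NOT the cipher cryptoloop used).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:8]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    # 16-byte block, 8 Feistel rounds: a keyed permutation standing in for E_k.
    l, r = block[:8], block[8:]
    for i in range(8):
        l, r = r, bytes(a ^ b for a, b in zip(l, _round(key, r, i)))
    return l + r


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Textbook CBC: C_i = E_k(P_i XOR C_{i-1}), C_{-1} = IV.
    out, prev = [], iv
    for off in range(0, len(data), BLOCK):
        blk = bytes(a ^ b for a, b in zip(data[off:off + BLOCK], prev))
        prev = block_encrypt(key, blk)
        out.append(prev)
    return b"".join(out)


def sector_iv(key: bytes, sector: int) -> bytes:
    # cryptoloop-style IV: the sector number itself, zero padded. Public, and
    # IV == 0 for sector 0.
    return struct.pack("<Q", sector) + bytes(8)


def keyed_iv(key: bytes, sector: int) -> bytes:
    # Assumed alternative from the discussion: IV depends on a key-derived
    # secret, so the value of the IV is no longer public.
    return block_encrypt(hashlib.sha256(key).digest(), sector_iv(key, sector))


def encrypt_sector(key: bytes, sector: int, data: bytes, iv_fn) -> bytes:
    return cbc_encrypt(key, iv_fn(key, sector), data)


def first_block_is_known_pair(key: bytes, iv_fn) -> bool:
    # Sector 0 filled with zeros: with IV == 0 the first ciphertext block is
    # E_k(0), a known plaintext/ciphertext pair sitting on disk.
    ct = encrypt_sector(key, 0, bytes(SECTOR), iv_fn)
    return ct[:BLOCK] == block_encrypt(key, bytes(BLOCK))
```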


