Re: A patch to loop.c for better cryption support

From: Ingo Rohloff (lundril@gmx.net)
Date: Sat Oct 14 2000 - 10:21:09 EST


Reed Petty wrote:
> Caution is advised when depending upon crypto systems that use relative
> block numbers as IV. The security may not be as strong as hoped.
> There are some who believe that "not unique" IVs (across multiple
> filesystems) facilitate some methods of cryptanalysis.
  ...
Ahh that explains it...

> Perhaps losetup can allow the user to specify an "IVseed" value
> and then pass to the transfer modules IVseed + relative block.
> This would also allow existing absolute block based encrypted file
> systems to be relocated (IVseed = absolute # of 1st block), satisfy
> those among us who demand unique IVs, and allow those who prefer
> operational convenience at the cost of weaker security to do so.
An IVseed is a good idea.

What would you think of using a secure hash function on the key
as IVseed?
This should ensure almost unique IVs and you don't need a
second parameter to encrypt/decrypt a file.
(On the other hand this scheme is of course weaker than
 your approach...)

so long
  Ingo
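The two IV schemes discussed above, worked through as an added example (my own code, not anything from loop.c or from either poster): IV = IVseed + relative block, with the seed taken either from a hash of the key or from the old first absolute block when a volume is relocated. The hash (SHA-256, truncated) and the 32-bit IV width are assumptions; the mail names neither. It also shows why additive seeds give only "almost unique" IVs: two seeds closer together than the volume length overlap.

```python
import hashlib

IV_BITS = 32  # assumption: 32-bit IV / block counter, as in a sector-number IV


def ivseed_from_key(key: bytes) -> int:
    # Ingo's suggestion: derive the seed from a secure hash of the key.
    # SHA-256 truncated to IV_BITS is an assumption; the mail names no hash.
    digest = hashlib.sha256(key).digest()
    return int.from_bytes(digest[: IV_BITS // 8], "big")


def relocated_seed(first_absolute_block: int) -> int:
    # Reed's migration case: a volume encrypted with absolute block numbers
    # as IV keeps its IVs after a move if IVseed = its old first block number.
    return first_absolute_block


def block_iv(ivseed: int, relative_block: int) -> int:
    # Reed's scheme: IV = IVseed + relative block number, wrapped to IV width.
    return (ivseed + relative_block) % (1 << IV_BITS)


def volume_ivs(ivseed: int, nblocks: int) -> list:
    # IVs a transfer module would use for blocks 0 .. nblocks-1 of one device.
    return [block_iv(ivseed, b) for b in range(nblocks)]


def shared_ivs(ivs_a: list, ivs_b: list) -> int:
    # Number of IV values two volumes have in common. With the same key, a
    # shared IV on identical plaintext blocks yields identical ciphertext.
    return len(set(ivs_a) & set(ivs_b))


if __name__ == "__main__":
    seed = ivseed_from_key(b"constructed example key")  # constructed input
    print("hash-derived IVseed:", hex(seed))
    print("relocated volume (old first block 1000):", volume_ivs(relocated_seed(1000), 4))
    print("IVs shared by seeds 100 and 104 over 8 blocks:",
          shared_ivs(volume_ivs(100, 8), volume_ivs(104, 8)))
    print("same key on two volumes, shared IVs:",
          shared_ivs(volume_ivs(seed, 8), volume_ivs(seed, 8)))
```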
