Re: dm-crypt, new IV and standards

From: David Wagner
Date: Wed Mar 03 2004 - 16:46:14 EST

Next message: Greg KH: "Re: Question about (or bug in?) the kobject implementation"
Previous message: Martin J. Bligh: "Re: 230-objrmap fixes for 2.6.3-mjb2"
In reply to: Jean-Luc Cooke: "Re: dm-crypt, new IV and standards"
Next in thread: dean gaudet: "Re: dm-crypt, new IV and standards"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Jean-Luc Cooke wrote:
>Christophe and I's scheme of IV = firstIV + blockNum
>for initial setup and IV = IV + 2^64 for IV updates will work fine

That's not ideal. I'd suggest IV = HMAC_k(firstIV, blockNum) or somesuch.
Sequential IV's aren't a good choice with CBC -- they can leak a little
bit of information about the first block of plaintext, in some cases.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Greg KH: "Re: Question about (or bug in?) the kobject implementation"
Previous message: Martin J. Bligh: "Re: 230-objrmap fixes for 2.6.3-mjb2"
In reply to: Jean-Luc Cooke: "Re: dm-crypt, new IV and standards"
Next in thread: dean gaudet: "Re: dm-crypt, new IV and standards"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]