Re: [PATCH] Delete cryptoloop

From: Pascal Brisset
Date: Thu Jul 22 2004 - 14:50:16 EST


hpa@xxxxxxxxx (H. Peter Anvin) wrote in message
news:<2kMAw-rl-15@xxxxxxxxxxxxxxxx>...
> So does cryptoloop use a different IV for different blocks? The need
> for the IV to be secret is different for different ciphers, but for
> block ciphers the rule is that it must not repeat, and at least
> according to some people must not be trivially predictable. [...]

The IV is predictable in cryptoloop and in other implementations.
This causes specially crafted watermarks to be detectable through
the encryption [1]. Pretty bad, but whether this is really a
concern or not depends a lot on what you are encrypting.

-- Pascal

[1] Markku-Juhani Saarinen: Encrypted Watermarks; Security Vulnerabilities in Laptop Encryption (Security Forum Workshop 2004)
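
Why a predictable IV lets chosen data show through CBC, as an added example that is not part of the original message and is not cryptoloop's code. It assumes the IV is simply the sector number, uses a toy Feistel cipher in place of a real block cipher, and compares against a hypothetical key-derived IV; all function names and sample data are constructed for illustration.

```python
import hashlib
import hmac

BLOCK = 16  # cipher block size in bytes

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel over SHA-256: a stand-in block cipher, not a secure one."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, xor(left, f)
    return left + right

def cbc_encrypt_sector(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CBC-encrypt one sector; each sector starts a fresh chain from its IV."""
    prev, out = iv, b""
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, xor(plaintext[i:i + BLOCK], prev))
        out += prev
    return out

def sector_number_iv(key: bytes, sector: int) -> bytes:
    """Predictable IV (assumed model): the public sector number."""
    return sector.to_bytes(BLOCK, "little")

def keyed_iv(key: bytes, sector: int) -> bytes:
    """Hypothetical fix: IV derived from the sector number under the secret key."""
    return hmac.new(key, sector.to_bytes(8, "little"), hashlib.sha256).digest()[:BLOCK]

def first_blocks_match(iv_fn, key: bytes, s1: int, s2: int) -> bool:
    """Encrypt two constructed sectors whose first blocks differ by s1 XOR s2
    and report whether their first ciphertext blocks are identical."""
    base = b"A" * BLOCK
    delta = xor(sector_number_iv(key, s1), sector_number_iv(key, s2))
    c1 = cbc_encrypt_sector(key, iv_fn(key, s1), base + b"filler-block-001")
    c2 = cbc_encrypt_sector(key, iv_fn(key, s2), xor(base, delta) + b"filler-block-002")
    return c1[:BLOCK] == c2[:BLOCK]

if __name__ == "__main__":
    KEY = b"constructed-demo-key"
    print("sector-number IV:", first_blocks_match(sector_number_iv, KEY, 5, 9))
    print("keyed IV:        ", first_blocks_match(keyed_iv, KEY, 5, 9))
```

With the sector-number IV the two first ciphertext blocks are equal without any knowledge of the key, which is the kind of pattern that remains visible through the encryption; with an IV that depends on the secret key the pattern disappears.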
