On Fri, Jun 20, 2003 at 12:49:53PM +0200, Andi Kleen wrote:
Comment:  stands for cryptoloop's CBC mode.
>  the problem is that it is too predictable. consider block 0,
> which is usually filled with zeros. It also has IV==0. This means
> it is 100% equivalent to CBC and worse even has known plain text.
> Same problem applies to other blocks - the layout of most
> installations generated by standard installers is quite predictable.
> Fixing it is simple, but requires a new secret per file system.
Adding another secret doesn't improve security in that case.
Of course the first block is vulnerable to known plaintext attacks, but you
can only prevent those if you make the IV dependent on another secret.. the
key for example. But then you could have also just increased the key size,
which somehow automatically leads to the conclusion: the key is the only
secret which matters. You don't add security if you split the secret.