Re: loop.c transfer module api

kernel@draper.net
Tue, 7 Sep 1999 09:10:25 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Mike Jagdis: "Re: > 15,000 Simultaneous Connections"
Previous message: Alexander S A Kjeldaas: "Re: loop.c transfer module api"

On Tue, Sep 07, 1999 at 03:50:41PM +0200, Alexander S A Kjeldaas wrote:
> On Tue, Sep 07, 1999 at 07:20:03AM -0500, kernel@draper.net wrote:
> >
> > I think your #2 idea is perfect. Suppose one were to develop a
> > "filesystem signature" in losetup as a hash of the fully qualified
> > device/file name, stuff that into the loop_device structure, and then have
> > loop.c pass IV = relative_block + signature into the transfer module.
> > The result is both relocatable and avoids duplication of ciphertext...
> > the best of both worlds.
> >
>
> The IV should be _random_, not secret. Just look at the operation of
> CBC mode. Each block of ciphertext is the next block's "IV". So
> there is no reason to keep the first IV secret when all the other
> "IVs" are exposed. What we want to do is to keep the first IV
> _random_.
>

You do not consider a hash of the device/file name to be sufficiently
random?

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu
Please read the FAQ at http://www.tux.org/lkml/

Next message: Mike Jagdis: "Re: > 15,000 Simultaneous Connections"
Previous message: Alexander S A Kjeldaas: "Re: loop.c transfer module api"