Date: Fri, 16 Jan 2004 10:42:36 -0500 (EST)
From: James Morris
To: Mark Borgerding
Cc: linux-kernel@vger.kernel.org
Subject: Re: PROBLEM: AES cryptoloop corruption under recent -mm kernels
In-Reply-To: <4007F360.50905@borgerding.net>

On Fri, 16 Jan 2004, Mark Borgerding wrote:

> From looking through the cryptoloop code, it looks like the IV for CBC
> mode is always the sector index. It seems this could be weak against
> chosen plaintext attacks, as well as allowing an attacker to know which
> cipher blocks started any changes between two snapshots of the
> ciphertext. I discuss ECB, since I wouldn't consider using it.

Eli Biham has suggested encrypting the sector numbers, see
http://people.redhat.com/jmorris/crypto/cryptoloop_eli_biham.txt

- James
--
James Morris
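The weakness Mark describes and the fix James points to, as an added example that is not part of this thread, of cryptoloop, or of Biham's note. It shows CBC-per-sector with the IV taken straight from the sector number, then with the sector number encrypted first (the construction that was later named ESSIV; the hashed-key detail is an assumption here, not something the thread states). Two things are demonstrated: an attacker who can write chosen plaintext and read the raw device can plant a "watermark" under the plain sector-index IV and cannot under the encrypted one, and the second complaint in the quoted mail, that the first changed ciphertext block reveals where an edit started, is a property of CBC itself that neither IV scheme removes. The block cipher is a small HMAC-SHA256 Feistel network standing in for AES so the file runs with only the standard library; it is not AES and must not be reused as a cipher, but the IV property shown does not depend on which block cipher sits underneath.

```python
"""Sector-index IV vs. encrypted-sector IV in per-sector CBC (added example)."""
import hashlib
import hmac

BLOCK = 16      # block size in bytes, as for AES
SECTOR = 512    # cryptoloop encrypts 512-byte sectors
ROUNDS = 4


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):
    # Feistel round function: keyed PRF of (round number, right half).
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]


def block_encrypt(key, blk):
    """Toy 128-bit block cipher; a stand-in for AES, NOT a real cipher."""
    assert len(blk) == BLOCK
    left, right = blk[:8], blk[8:]
    for rnd in range(ROUNDS):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def block_decrypt(key, blk):
    assert len(blk) == BLOCK
    left, right = blk[:8], blk[8:]
    for rnd in reversed(range(ROUNDS)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def cbc_encrypt(key, iv, data):
    """CBC over one sector: C[i] = E(P[i] xor C[i-1]) with C[-1] = IV."""
    assert len(data) % BLOCK == 0
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, _xor(data[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, data):
    out, prev = [], iv
    for i in range(0, len(data), BLOCK):
        cur = data[i:i + BLOCK]
        out.append(_xor(block_decrypt(key, cur), prev))
        prev = cur
    return b"".join(out)


def iv_sector_index(key, sector):
    """What the thread describes: IV is the (public) sector number."""
    return sector.to_bytes(BLOCK, "little")


def iv_encrypted_sector(key, sector):
    """Biham's suggestion as quoted: encrypt the sector number.  Keying that
    encryption with a hash of the disk key is an assumption made here (it is
    what ESSIV later did); the point is that IVs become unpredictable."""
    iv_key = hashlib.sha256(key).digest()
    return block_encrypt(iv_key, sector.to_bytes(BLOCK, "little"))


def encrypt_sector(key, iv_fn, sector, plaintext):
    return cbc_encrypt(key, iv_fn(key, sector), plaintext)


def watermark_visible(key, iv_fn, base_sector):
    """Chosen plaintext for sectors 2k and 2k+1.  Sector-index IVs for those
    two differ only in bit 0 of byte 0, so first blocks P and P xor 0x01 both
    feed P xor IV(2k) into the cipher: the first ciphertext blocks collide
    and the collision is visible to anyone reading the raw device without
    the key.  The attacker needs only that the file starts on an even sector."""
    assert base_sector % 2 == 0
    p = b"WATERMARK-BLOCK!"                  # 16-byte constructed marker
    filler = b"\x00" * (SECTOR - BLOCK)
    mask = b"\x01" + b"\x00" * (BLOCK - 1)
    s0 = encrypt_sector(key, iv_fn, base_sector, p + filler)
    s1 = encrypt_sector(key, iv_fn, base_sector + 1, _xor(p, mask) + filler)
    return s0[:BLOCK] == s1[:BLOCK]


def first_changed_block(old_ct, new_ct):
    """Index of the first ciphertext block that differs, or None."""
    for i in range(0, len(old_ct), BLOCK):
        if old_ct[i:i + BLOCK] != new_ct[i:i + BLOCK]:
            return i // BLOCK
    return None


def change_leak(key, iv_fn, sector, block_index):
    """Edit one plaintext block of a sector; CBC leaves every ciphertext
    block before it unchanged, so the edit position leaks under either IV
    scheme.  Encrypting the sector number fixes the watermark, not this."""
    pt = bytes(range(256)) * 2               # constructed 512-byte sector
    off = block_index * BLOCK
    new_pt = pt[:off] + _xor(pt[off:off + BLOCK], b"\xff" * BLOCK) + pt[off + BLOCK:]
    old_ct = encrypt_sector(key, iv_fn, sector, pt)
    new_ct = encrypt_sector(key, iv_fn, sector, new_pt)
    return first_changed_block(old_ct, new_ct)


if __name__ == "__main__":
    key = b"\x11" * 32                       # constructed demo key
    print("sector-index IV, watermark visible:", watermark_visible(key, iv_sector_index, 1000))
    print("encrypted IV,    watermark visible:", watermark_visible(key, iv_encrypted_sector, 1000))
    print("edit at block 7 shows up at block:", change_leak(key, iv_sector_index, 1000, 7),
          change_leak(key, iv_encrypted_sector, 1000, 7))
```

Running it prints True for the sector-index IV and False for the encrypted one, and 7 for both in the change-localisation case. That last result is the caveat worth keeping in mind when reading Biham's note: an unpredictable per-sector IV removes the chosen-plaintext watermark, but CBC still exposes where within a sector two snapshots begin to differ; only a mode that mixes every block of the sector into every other (a wide-block or tweakable per-block construction) changes that.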