Date: Thu, 4 Mar 2004 16:08:36 +0100
From: Pavel Machek
To: Jean-Luc Cooke
Cc: dean gaudet, James Morris, Christophe Saout, Carl-Daniel Hailfinger, Linux Kernel Mailing List, Andrew Morton
Subject: Re: dm-crypt, new IV and standards
Message-ID: <20040304150836.GE531@openzaurus.ucw.cz>
References: <20040220172237.GA9918@certainkey.com> <20040221164821.GA14723@certainkey.com> <20040303150647.GC1586@certainkey.com>
In-Reply-To: <20040303150647.GC1586@certainkey.com>

Hi!

> > > Well, CTR mode is not recommended for encrypted file systems because it is very
> > > easy to corrupt single bits, bytes, blocks, etc without an integrity check.
> > > If we add a MAC, then any mode of operation except ECB can be used for
> > > encrypted file systems.
> >
> > what does "easy to corrupt" mean? i haven't really seen disks generate
> > bit errors ever. this MAC means you'll need to write integrity data for
> > every real write. that really doesn't seem worth it...
>
> The difference between "_1,000,000" and "_8,000,000" is 1 bit. If an
> attacker knew enough about the layout of the filesystem (modify times on blocks,
> etc) they could flip a single bit and change your _1Mil purchase order
> approved by your boss to a _8Mil order.

Hmm... long time ago I created crc loop device to catch faulty disks.
If cryptoloop can do that for me... very good!

-- 
64 bytes from 195.113.31.123: icmp_seq=28 ttl=51 time=448769.1 ms
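
The integrity point discussed in this thread, as an added example that is not part of the original message or of dm-crypt/cryptoloop: a counter-mode sector decrypts a modified ciphertext without complaint, while a per-sector MAC (encrypt-then-MAC) rejects it, whether the change came from a faulty disk or a deliberate edit. Assumptions: the keystream is a SHA-256 stand-in for a block cipher in CTR mode, and all function names, keys and sample data are constructed for illustration.

```python
import hashlib
import hmac

def keystream(key: bytes, sector: int, length: int) -> bytes:
    """Stand-in CTR keystream: SHA-256(key || sector || counter) blocks (assumption)."""
    out, counter = b"", 0
    while len(out) < length:
        block = key + sector.to_bytes(8, "big") + counter.to_bytes(8, "big")
        out += hashlib.sha256(block).digest()
        counter += 1
    return out[:length]

def ctr_xor(key: bytes, sector: int, data: bytes) -> bytes:
    """Encrypt or decrypt; in counter mode both are the same XOR."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, sector, len(data))))

def seal(enc_key: bytes, mac_key: bytes, sector: int, plaintext: bytes):
    """Encrypt-then-MAC: the tag covers the sector number and the ciphertext."""
    ct = ctr_xor(enc_key, sector, plaintext)
    tag = hmac.new(mac_key, sector.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    return ct, tag

def open_sealed(enc_key: bytes, mac_key: bytes, sector: int, ct: bytes, tag: bytes):
    """Return the plaintext, or None if the stored tag does not verify."""
    expected = hmac.new(mac_key, sector.to_bytes(8, "big") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return ctr_xor(enc_key, sector, ct)

def flip(ct: bytes, offset: int, mask: int) -> bytes:
    """Model a change to stored ciphertext made without knowledge of any key."""
    buf = bytearray(ct)
    buf[offset] ^= mask
    return bytes(buf)

# Constructed sample keys and data.
ENC_KEY, MAC_KEY, SECTOR = b"\x01" * 32, b"\x02" * 32, 7
PLAIN = b"purchase order approved: 1,000,000"

def demo():
    ct, tag = seal(ENC_KEY, MAC_KEY, SECTOR, PLAIN)
    offset = PLAIN.index(b"1,000,000")
    tampered = flip(ct, offset, ord("1") ^ ord("8"))
    without_mac = ctr_xor(ENC_KEY, SECTOR, tampered)  # decrypts cleanly, amount changed
    with_mac = open_sealed(ENC_KEY, MAC_KEY, SECTOR, tampered, tag)  # rejected
    return without_mac, with_mac

if __name__ == "__main__":
    print(demo())
```

The cost raised in the thread is visible in `seal`: every sector write also has to store a 32-byte tag somewhere.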