[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AW: AW: Hello and DVD-ROM encryption

To: linux-crypto@xxxxxxxxxxxx
Subject: Re: AW: AW: Hello and DVD-ROM encryption
From: Paul Wayper <paul.wayper@xxxxxxxxxx>
Date: Wed, 02 Feb 2005 16:44:38 +1100
In-reply-to: <41FFAA64.A15AAC7A@users.sourceforge.net>
List-archive: <http://mail.nl.linux.org/linux-crypto/>
List-help: <mailto:ecartis@nl.linux.org?Subject=help>
List-id: <linux-crypto.nl.linux.org>
List-owner: <mailto:ecartis-owner@nl.linux.org>
List-post: <mailto:linux-crypto@nl.linux.org>
List-software: Ecartis version 1.0.0
List-subscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=subscribe>
List-unsubscribe: <mailto:linux-crypto-request@nl.linux.org?Subject=unsubscribe>
Organization: Australian National University
References: <41FE52F5.39D3D868@users.sourceforge.net> <13316.1107209693@www13.gmx.net> <41FFAA64.A15AAC7A@users.sourceforge.net>
Sender: linux-crypto-bounce@xxxxxxxxxxxx
User-agent: Mozilla Thunderbird 0.9 (X11/20041113)

Jari Ruusu wrote:

Peter_22@xxxxxx wrote:

Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx> wrote:

Identical ciphertexts leak information.

I must admit, I didn´t get that. Mkisofs -r dirtree builds an ISO image which I pipe through aespipe. You mean I shouldn´t use one keyfile twice for doing this?

If same key file is used for multiple partitions, then adversary can easily detect what sectors are identical on different partitions. Identical plaintext data on different sectors on same file system are not a problem because sector number is used in IV computation, and sector number is guaranteed to be unique on one file system.

Wouldn't this be negated by the fact that you're initialising the storage space for the ISO with /dev/urandom? This would be a fairly good guarantee that blank sectors (the most likely things to be identical) are going to still be different. I thought ISO images wouldn't include any unused blocks, anyway, which would also mean that blank sectors would be irrelevant.

And therefore, if you're not writing identical files in identical locations, isn't the risk associated with reusing a set of keys reduced?

Another way of going about this might be to write a file from /dev/urandom at the size you want and set this up as an loop-AES file system. Copy your files on and then unmount it. Then copy this encrypted filesystem onto the disk. When you want to access it, just use aespipe or loop-AES (not sure which, given the earlier argument about blocksizes) to open that file as a filesystem. Why try to encrypt the ISO image at all?

Have fun,

Paul

--
-- Paul Wayper at ANU - +61 2 6125 0643


-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

Follow-Ups:
- Re: AW: AW: Hello and DVD-ROM encryption
  - From: Jari Ruusu

References:
- Re: AW: AW: Hello and DVD-ROM encryption
  - From: Jari Ruusu

Prev by Date: Re: AW: AW: Hello and DVD-ROM encryption
Next by Date: Re: AW: AW: Hello and DVD-ROM encryption
Previous by thread: Re: AW: AW: Hello and DVD-ROM encryption
Next by thread: Re: AW: AW: Hello and DVD-ROM encryption
Index(es):
- Date
- Thread