Re: Loop-AES and Twofish on 64-bit CPU
Gisle Sælensminde wrote:
> One such weak link in earlier versions of loop-aes (and as far as I
> know, still in cryptoloop) was the way each block was encrypted, which
> allowed an attacker to see the location of the first change in
> each disk block when it changed.
This may be interpreted as meaning that you could read the plaintext
because of this, which it would not let you do. It would only let you see
that only (say) the last x bytes changed, since only the bytes after that
point changed on the disk block. Now the bytes before that point change too.
This cannot be used to recover plaintext, but it can give a better
granularity than the disk block for seeing what has changed where on
the disk. It was nevertheless correct to change it, since it gives more
information about the underlying data than desired.
Just to avoid any misunderstandings.
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
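The effect discussed above, as an added example that is not part of the post or of loop-aes/cryptoloop: a 512-byte sector encrypted with AES-CBC under an IV derived only from the sector number keeps every ciphertext block before the first changed plaintext block identical across writes, so an observer of the ciphertext learns the 16-byte granularity of the change; deriving the IV from the sector contents (an HMAC-based construction assumed here as an illustrative stand-in for the later fix, not the real loop-aes scheme) makes the whole sector change. Keys and sector data are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
)

// encryptCBC encrypts one 512-byte sector with AES-CBC under the given IV.
func encryptCBC(key, iv, plain []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plain)
	return out
}

// sectorIV derives the IV from the sector number only; CBC then keeps every
// ciphertext block before the first changed plaintext block unchanged.
func sectorIV(sector uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv, sector)
	return iv
}

// contentIV derives the IV from the sector contents under a separate key
// (constructed stand-in for the fix: any change then alters the whole sector).
func contentIV(ivKey, plain []byte) []byte {
	m := hmac.New(sha256.New, ivKey)
	m.Write(plain)
	return m.Sum(nil)[:aes.BlockSize]
}

// FirstChangedBlock returns the index of the first 16-byte block that differs
// between two ciphertexts of one sector, or -1 if they are identical.
func FirstChangedBlock(a, b []byte) int {
	for i := 0; i+aes.BlockSize <= len(a); i += aes.BlockSize {
		if !bytes.Equal(a[i:i+aes.BlockSize], b[i:i+aes.BlockSize]) {
			return i / aes.BlockSize
		}
	}
	return -1
}

// LeakedOffsets encrypts the old and new contents of sector n under both IV
// schemes and reports the first differing ciphertext block for each.
func LeakedOffsets(key, ivKey []byte, n uint64, before, after []byte) (withSectorIV, withContentIV int) {
	withSectorIV = FirstChangedBlock(encryptCBC(key, sectorIV(n), before), encryptCBC(key, sectorIV(n), after))
	withContentIV = FirstChangedBlock(encryptCBC(key, contentIV(ivKey, before), before), encryptCBC(key, contentIV(ivKey, after), after))
	return
}
```

Note that the content-derived IV is still deterministic, so an unchanged sector still encrypts to the same ciphertext; it only removes the within-sector position leak the post describes.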