Re: Re: Loop-AES and Twofish on 64-bit CPU
"Gisle Sælensminde" <Gisle.Salensminde@xxxxxxxxxxx> wrote:
> [...] One such weak link in earlier versions of
> loop-aes (and as far as I know, still in cryptoloop) was the way each
> block was encrypted, that allowed an attacker to see the location
> of the first change in each disk block when it changed. In that case, it
> would not have helped with several loop devices or double encryption.
> While the seriousness of the attack can be argued about, it shows that
> several layers of encryption may not help if an attack is on a different
> part of the system.
Oh, that just reminds me of some guy called "Clemens Fruhwirth".
(http://clemens.endorphin.org/aboutme)
Maybe you want to visit his page. "I brought an 586/686 assembler version of AES to the kernel, then started to work on dm-crypt. I invented and implemented ESSIV for dm-crypt, and tried to implement another nice encryption mode, called LRW."
I wondered what LRW might be ever since he mentioned it here. You suppose the way loop-aes uses the AES cipher, namely CBC, is insecure? If Mr. Fruhwirth had published loop-aes with LRW I'd have given it a try. But as things are it seems to be a good choice to use loop-aes as it is and take 2 or more loop devices. OK, and that's all on this case.
Good luck on your analysis of the cryptosystem. I only fear I can't help with that :-(
Regards,
Peter
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
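The first-change leak Gisle describes above, shown in code: an added Go example, not code from this thread, from loop-aes or from dm-crypt. It assumes AES-CBC over 512-byte sectors with a "plain" sector-number IV (little-endian sector index, zero padded), constructed keys and sector contents, and models stacked loop devices as repeated CBC encryption under separate keys but the same sector IV.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
)

// cbcEncrypt encrypts one whole sector (a multiple of 16 bytes) with AES-CBC under iv.
func cbcEncrypt(key, iv, plain []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, plain)
	return out
}

// firstDifferingBlock returns the index of the first 16-byte block in which the equal-length a and b differ, or -1.
func firstDifferingBlock(a, b []byte) int {
	for i := 0; i+aes.BlockSize <= len(a); i += aes.BlockSize {
		if !bytes.Equal(a[i:i+aes.BlockSize], b[i:i+aes.BlockSize]) {
			return i / aes.BlockSize
		}
	}
	return -1
}

// LeakedChangeIndex is the observer holding two ciphertext snapshots of one sector (an old backup and
// the live disk). The sector is CBC-encrypted once per key, one key per stacked loop device, always under
// the same sector-number IV (assumed: little-endian sector index, zero padded). CBC keeps every block
// before the first plaintext change identical, so the first ciphertext change marks it, at any depth.
func LeakedChangeIndex(sector uint64, keys [][]byte, before, after []byte) int {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv, sector)
	for _, k := range keys {
		before, after = cbcEncrypt(k, iv, before), cbcEncrypt(k, iv, after)
	}
	return firstDifferingBlock(before, after)
}

// SampleSectors returns a constructed pair of 512-byte versions of one sector that first differ at byte 100 (block 6).
func SampleSectors() (before, after []byte) {
	before = bytes.Repeat([]byte("loop-aes sector "), 32)
	after = append([]byte(nil), before...)
	after[100] ^= 0xff
	return before, after
}
```

With one key or with two stacked keys, LeakedChangeIndex reports block 6 for the sample pair, which is exactly the plaintext position of the change; a per-sector IV scheme such as ESSIV changes the IV value, not this property of CBC.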