[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: single-key vs multi-key
Marco Fonseca wrote:
> I've been searching for some info on single-key vs multi-key, but
> haven't found a great deal of it. How much more superior is multi-key
> over single-key. Any info would be helpful.
loop-AES version 1 on-disk format (single-key) has easily exploitable IV
computation weakness and should not be used. loop-AES version 2 and 3
on-disk formats (multi-key) have stronger IV computation. Since on-disk
format needed to be changed on v1-to-v2 transition, multiple encryption keys
were also included at the same time. Multi-key mode reduces amount of data
encrypted using one encryption key, and thus reduces probability of
identical ciphertexts using same encryption key. Identical ciphertexts leak
information.
Old versions of dm-crypt and truecrypt had same exploitable IV computation
weakness, but newer versions of those implementations fixed that weakness in
different way.
--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/