Re: Status in 2007 of: loop-aes VS dm-crypt VS truecrypt

[Christian Kujau <lists@xxxxxxxxxxxxxxx>]

On Mon, 28 May 2007, Jari Ruusu wrote:
> Original LRW mode has been semi-broken.
> http://grouper.ieee.org/groups/1619/email/msg00558.html

Hm, I'm using dm-crypt, but with CRYPTO_LRW disabled. So this does not 
apply? (Being a crypto noob, I wonder how to find out which block-cipher 
algorithm I am using or how to tell loop-aes/dm-crypt which algorithm to 
use).

> > -> "dm-crypt... which leaks location of changed data in some unusual
> > situations."
> > => What exactly consists this leak and has it been fixed?
>
> Last time I looked at dm-crypt it wasn't fixed.
>
> If backing storage is at some remote server, and adversary can see
> ciphertext read/write traffic, he can get snapshots of old and new
> ciphertexts and extract some information from that.

Hm, I thought this has been addressed with the introduction of ESSIV in 
2.6.10, or is this a different issue?

--
BOFH excuse #28:

CPU radiator broken

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/