On Fri, 7 Sep 2001, Rob McGee wrote:

> I read what's there about the IV_MODE_SECTOR issue, and I think I
> understand it but am not sure. With this enabled, a loop file will use a
> block size of 512 bytes for the cryptoapi, and a copy of a loop file
> will work no matter what the block size of the media it is on, and of
> the media where it was created. Without it, if you create an encrypted
> loop file on an ext2fs with a 1024 block size, a copy of that file can
> only be mounted if it is on media with an identical block size.
> Is that it? Or is it the block size of the filesystem inside the loop
> file which is significant? See, I am wanting to make some encrypted CD's
> which of course I would prefer to be able to mount directly from the CD.
> And I want them to be accessible in the future, of course, even if I'm
> using ext9fs with 40MB blocks on my 900TB turbo-optic storage device.
> (I'll still want to look at the pictures of my kids from AD 2001, even
> when the CD-ROM format is insignificant and outdated.)

the 512byte IV mode guarantees, that you can create a loop device on a
file or partition which can have any underlying blocksize (as long as it's
a multiple of 512 bytes) and be able to transfer it to any other medium
that has the same or any other blocksize (% 512 == 0 && > 0) and be able
out-of-the-box to set the encrypted loop up again...

another way to accomplish this kind of portability would be to stack two
loop devices on each other, which would lead to a 1024 byte based IV; or
the loop device could be set to a specific blocksize... each of these
alternative approaches has pros and cons...

Jari's loop-AES uses 512 byte IV calculation as well.

regards,
--
Herbert Valerio Riedel / Phone: (EUROPE) +43-1-58801-18840
Email: hvr@xxxxxxxxxx / Finger hvr@xxxxxxx for GnuPG Public Key
GnuPG Key Fingerprint: 7BB9 2D6C D485 CE64 4748 5F65 4981 E064 883F 4142

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
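
A simplified model of the IV behaviour discussed in this thread, added here as an example and not code from the original posts or from the cryptoapi or loop-AES projects. It assumes each transfer unit is CBC-processed with its own index as IV; a toy Feistel construction stands in for the real cipher, and all names (`transfer`, `iv_unit`, `roundtrip`) and the sample data are constructed for illustration.

```python
import hashlib

BS = 16                          # cipher block size in bytes
SECTOR = 512                     # IV granularity in sector mode
KEY = b"constructed demo key"    # constructed sample key
PLAIN = bytes(range(256)) * 16   # constructed 4096-byte "loop file"

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def enc_block(key, blk):         # toy 4-round Feistel, NOT a real cipher
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec_block(key, blk):         # inverse of enc_block
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def cbc(key, iv_num, data, decrypt):
    prev, out = iv_num.to_bytes(BS, "little"), bytearray()
    for i in range(0, len(data), BS):
        blk = data[i:i + BS]
        if decrypt:
            out += _xor(dec_block(key, blk), prev)
            prev = blk
        else:
            prev = enc_block(key, _xor(blk, prev))
            out += prev
    return bytes(out)

def transfer(key, data, unit, decrypt=False):
    # Assumption: every unit-byte chunk is chained separately, IV = chunk index.
    return b"".join(cbc(key, off // unit, data[off:off + unit], decrypt)
                    for off in range(0, len(data), unit))

def iv_unit(mode, blocksize):
    # "sector": always 512 bytes; "block": follows the underlying medium.
    return SECTOR if mode == "sector" else blocksize

def roundtrip(mode, bs_created, bs_mounted, plain=PLAIN):
    ct = transfer(KEY, plain, iv_unit(mode, bs_created))
    return transfer(KEY, ct, iv_unit(mode, bs_mounted), decrypt=True)

if __name__ == "__main__":
    for mode in ("block", "sector"):   # created on 1024-byte, read on 2048-byte blocks
        print(mode, "survives copy:", roundtrip(mode, 1024, 2048) == PLAIN)
```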