Greg Louis wrote:
> It would seem to make sense to ask the author of loop-AES directly for
> his comments. Jari?
>
> On 20010920 (Thu) at 1114:48 +0200, Allan Latham wrote:
> > A quick look at this seems to show the following (pls confirm this anyone):
> >
> > 1. The whole of the data is encrypted with a single key

Correct.

> > 2. There is no means to change the key

dd if=/dev/loop0 of=/dev/loop1

> > 3. CBC is used on 512 byte blocks

Correct.

> > 4. The key is derived directly from a password with a seed

User supplied password is hashed using SHA-256 and output of that hash is used as encryption key.

> > I would be pleased if someone could just read the code and confirm point 4
> > above. If true this is a serious problem. It allows a dictionary attack in
> > reasonable time - and a twenty character pass phrase especially one using
> > plain language words is no protection against this.

A dictionary attack against PPDD should not be any different. One just has to decrypt twice: once the master key and then some known plaintext using decrypted "generated key". OTOH, I may be wrong here, I haven't read PPDD code at all.

> > > On Thu, 20 Sep 2001, ext Michael H. Warfield wrote:
> > > > Another disadvantage is that it replaces the loop-back device
> > > > rather than works in parallel. That may not matter much, but it might
> > > > if you want them in parallel but separate. Not an issue with me.

This is really a FAQ. The loop driver in loop-AES _is_ your kernel's loop driver with known bugs fixed and AES cipher pre-registered. It does everything an unmodified loop driver would do.

Regards,
Jari Ruusu <jari.ruusu@xxxxxxxxxx>

Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
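Added example, not part of the original thread and not loop-AES or PPDD code: it contrasts the single unsalted SHA-256 derivation described in the reply to point 4 with a salted, iterated derivation, and measures what each costs per passphrase guess. The 16-byte key length, the 200,000 iteration count, the sample passphrase and the use of PBKDF2-HMAC-SHA256 as the alternative are assumptions made for illustration.

```python
import hashlib
import os
import time

KEY_LEN = 16  # assumed 128-bit AES key; the thread does not state the key size


def key_single_hash(passphrase: bytes) -> bytes:
    """One unsalted SHA-256 pass, as the reply describes (truncation is assumed)."""
    return hashlib.sha256(passphrase).digest()[:KEY_LEN]


def key_pbkdf2(passphrase: bytes, salt: bytes, iterations: int = 200_000) -> bytes:
    """Salted, iterated derivation (PBKDF2-HMAC-SHA256, a swapped-in alternative)."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, iterations, dklen=KEY_LEN)


def seconds_per_derivation(fn, repeat: int) -> float:
    """Average wall-clock cost of one derivation, i.e. the cost of testing one guess."""
    start = time.perf_counter()
    for _ in range(repeat):
        fn()
    return (time.perf_counter() - start) / repeat


def compare(passphrase: bytes = b"constructed sample passphrase") -> dict:
    salt_a, salt_b = os.urandom(16), os.urandom(16)  # one random salt per volume
    fast = seconds_per_derivation(lambda: key_single_hash(passphrase), 2000)
    slow = seconds_per_derivation(lambda: key_pbkdf2(passphrase, salt_a), 3)
    return {
        # Without a salt, the same passphrase yields the same key on every
        # volume, so a table of hashed candidates is reusable everywhere.
        "unsalted_keys_equal": key_single_hash(passphrase) == key_single_hash(passphrase),
        # With per-volume salts the keys differ, so precomputation done for
        # one volume does not carry over to another.
        "salted_keys_equal": key_pbkdf2(passphrase, salt_a) == key_pbkdf2(passphrase, salt_b),
        # How many times more work each guess costs under the iterated KDF.
        "slowdown_per_guess": slow / fast,
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The slowdown figure depends on the machine, but it scales with the iteration count, which is the knob a volume format can raise over time.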