Marcus Williams wrote: > The only problem I can foresee with this is if there are media errors > on the tape. How does the loop device cope with this? afio manages to > deal with this sort of thing by spooling forward until the corrupt > data is passed over and a correct magic id can be found, but > presumably if the tape is encrypted a media error will lose the rest > of the tape... is this true? Following applies to both aespipe and loop-AES because they use same on-disk format: One bit ciphertext error causes the 16 byte block in which the error is to be completely destroyed, plus one bit error in the next 16 byte block. The one bit error in next block does not occour if wrong ciphertext bit happens to be in last 16 bytes of 512 byte CBC chain. Also, in multi-key mode first 16 bytes of the 512 byte CBC chain are completely destroyed due to incorect MD5 IV. In all cases the errors stay within same 512 byte block. If compression is used (like in bz2aespipe script), then errors may propagate to much larger set of data. Decompressors operate in GIGO mode, garbage in - garbage out, and you may even get a bonus SIGSEGV if you are lucky. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
