Boyd Waters wrote: > But probably would NOT protect against watermark (which is > chosen-plaintext attack). Problem there is the treatment of the > per-sector password for the block encryption: loop-AES runs through a > number of iterations, dm-crypt and cryptoloop do not. Watermark attack exploits weakness in IV computation and the fact that same key is used for all sectors. loop-AES' multi-key mode resistance against watermark attack is result of stronger IV computation. Using different keys for different sectors also helps a little bit. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
