jerome etienne wrote:
> well it is a valid argument if you assume the OS has been corrupted.
> Nevertheless this assumption isn't mandatory, here is a scenario where it
> doesn't apply:
> 1. a user encrypts a whole removable disk with loop-aes
> 2. he goes to a conference and leaves it unattended in a room (bad
>    practice but it happens)
> 3. an attacker gets it, inserts chosen data in it and puts it back
> 4. the user replugs the removable device
>
> => with the current loop-aes, the attack succeeds
>    o the modification goes undetected and the user uses attacker's data
>      as if they were legitimate.

Only if the user failed to RTFM. loop-AES' README clearly states that it
does not authenticate ciphertext, and as such, does not protect against
ciphertext tampering attacks.

--
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
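An added illustration of the point argued in this exchange (not code from loop-AES or from either poster): a sector read without ciphertext authentication returns altered data silently, while a per-sector tag checked before decryption rejects it. Assumptions: the cipher is a SHA-256 keystream stand-in rather than loop-AES's AES, the tag is HMAC-SHA256 stored alongside each sector, and all function names and keys are hypothetical.

```python
import hashlib
import hmac

SECTOR = 512  # bytes per sector (constructed value)

def keystream(key: bytes, sector_no: int, n: int) -> bytes:
    # Stand-in cipher (assumption): SHA-256 in counter mode, not loop-AES's AES.
    out, ctr = b"", 0
    while len(out) < n:
        block = key + sector_no.to_bytes(8, "big") + ctr.to_bytes(4, "big")
        out += hashlib.sha256(block).digest()
        ctr += 1
    return out[:n]

def crypt(key: bytes, sector_no: int, data: bytes) -> bytes:
    # XOR with the keystream; the same call encrypts and decrypts.
    return bytes(a ^ b for a, b in zip(data, keystream(key, sector_no, len(data))))

def tag(mac_key: bytes, sector_no: int, ct: bytes) -> bytes:
    # Bind the tag to the sector number so a valid sector cannot be relocated.
    return hmac.new(mac_key, sector_no.to_bytes(8, "big") + ct, hashlib.sha256).digest()

def write_sector(enc_key, mac_key, sector_no, plaintext):
    ct = crypt(enc_key, sector_no, plaintext)
    return ct, tag(mac_key, sector_no, ct)

def read_unauthenticated(enc_key, sector_no, ct):
    # Decrypts whatever is on the device; nothing signals a modification.
    return crypt(enc_key, sector_no, ct)

def read_authenticated(enc_key, mac_key, sector_no, ct, stored_tag):
    # Verify first, decrypt only if the ciphertext is the one that was written.
    if not hmac.compare_digest(tag(mac_key, sector_no, ct), stored_tag):
        raise ValueError(f"sector {sector_no}: ciphertext failed authentication")
    return crypt(enc_key, sector_no, ct)

def demo():
    enc_key, mac_key = b"E" * 32, b"M" * 32           # constructed keys
    plain = b"legitimate data".ljust(SECTOR, b"\0")   # constructed sector contents
    ct, t = write_sector(enc_key, mac_key, 7, plain)
    altered = b"\xaa" * 16 + ct[16:]                  # device changed while unattended
    silent = read_unauthenticated(enc_key, 7, altered) != plain
    try:
        read_authenticated(enc_key, mac_key, 7, altered, t)
        detected = False
    except ValueError:
        detected = True
    return silent, detected  # (True, True)
```

The tag needs storage of its own, which a length-preserving sector cipher does not provide.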