Jari Ruusu wrote:
Peter_22@xxxxxx wrote:
Wouldn't this be negated by the fact that you're initialising the storage space for the ISO with /dev/urandom? This would be a fairly good guarantee that blank sectors (the most likely things to be identical) are going to still be different. I thought ISO images wouldn't include any unused blocks, anyway, which would also mean that blank sectors would be irrelevant.
Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx> wrote:
Identical ciphertexts leak information.
I must admit, I didn't get that. Mkisofs -r dirtree builds an ISO image
which I pipe through aespipe. You mean I shouldn't use one keyfile twice
for doing this?
If same key file is used for multiple partitions, then adversary can easily
detect what sectors are identical on different partitions. Identical
plaintext data on different sectors on same file system are not a problem
because sector number is used in IV computation, and sector number is
guaranteed to be unique on one file system.
And therefore, if you're not writing identical files in identical locations, isn't the risk associated with reusing a set of keys reduced?
Another way of going about this might be to write a file from /dev/urandom at the size you want and set this up as a loop-AES file system. Copy your files on and then unmount it. Then copy this encrypted filesystem onto the disk. When you want to access it, just use aespipe or loop-AES (not sure which, given the earlier argument about blocksizes) to open that file as a filesystem. Why try to encrypt the ISO image at all?
Have fun,
Paul
-- -- Paul Wayper at ANU - +61 2 6125 0643
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
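
Added example, not part of the original thread and not loop-AES or aespipe code: a small model of the point quoted above, that with an IV computed from the sector number, reusing one key across two images lets an observer see which same-numbered sectors hold identical plaintext. Assumptions: the IV is the sector number alone, HMAC-SHA256 stands in for the AES block operation (only its determinism matters here), sectors are 512 bytes, and the two images are constructed sample data.

```python
import hashlib, hmac, os

SECTOR = 512   # bytes per sector (assumption)
BLOCK = 16     # cipher block size in bytes

def _prf_block(key: bytes, block: bytes) -> bytes:
    # Deterministic keyed stand-in for the AES block operation (not real AES).
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def encrypt_sector(key: bytes, sector_no: int, plaintext: bytes) -> bytes:
    # CBC-style chaining; the IV depends only on the sector number.
    prev = sector_no.to_bytes(BLOCK, "little")
    out = bytearray()
    for i in range(0, SECTOR, BLOCK):
        mixed = bytes(a ^ b for a, b in zip(plaintext[i:i + BLOCK], prev))
        prev = _prf_block(key, mixed)
        out += prev
    return bytes(out)

def encrypt_image(key: bytes, image: bytes) -> list:
    count = len(image) // SECTOR
    return [encrypt_sector(key, n, image[n * SECTOR:(n + 1) * SECTOR])
            for n in range(count)]

def matching_sectors(ct_a: list, ct_b: list) -> list:
    # Everything an observer needs is the two ciphertexts, no key.
    return [n for n, (a, b) in enumerate(zip(ct_a, ct_b)) if a == b]

def build_images():
    # Constructed sample data: sectors 0 and 2 are shared between the images,
    # sector 1 differs, and sector 3 of image A repeats sector 0's plaintext
    # while image B holds /dev/urandom-style filler there.
    shared0 = b"BOOT" * 128
    shared2 = b"README v1\n".ljust(SECTOR, b"\0")
    img_a = shared0 + b"A" * SECTOR + shared2 + shared0
    img_b = shared0 + b"B" * SECTOR + shared2 + os.urandom(SECTOR)
    return img_a, img_b

def demo():
    img_a, img_b = build_images()
    k1, k2 = os.urandom(32), os.urandom(32)
    ct_a = encrypt_image(k1, img_a)
    same_key = matching_sectors(ct_a, encrypt_image(k1, img_b))
    diff_key = matching_sectors(ct_a, encrypt_image(k2, img_b))
    within_image = ct_a[0] == ct_a[3]  # same plaintext, different sector number
    return same_key, diff_key, within_image

if __name__ == "__main__":
    print(demo())
```

With a shared key the matching list contains exactly the sectors whose plaintext is equal at the same position in both images; with separate keys it is empty, and the repeated plaintext inside one image never matches because its sector number differs.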