Re: loop-aes and known weaknesses

Christian Holler wrote:
> After reading a lot I found out that there are still known weaknesses
> in loop-aes, although multi-v3-key mode should reduce the risk of some
> of these.

Ciphertext tampering attacks in CBC mode and ciphertext copying attacks
apply to some degree. Nothing new here.

> Are you planning to change loop-aes implementation to support also this
> new LRW patch or something that prevents these kinds of attacks?

No such plans yet.

If an adversary can modify ciphertext residing on a local hard disk partition,
then the security game was already lost.

> The best thing though would be if you develop together with the
> luks/dm-crypt people and create something even better than both of you
> could develop alone :)

Mainline Linux folks are still years behind loop-AES.

I think this sentence in the paper:

"The attack was not taken seriously, especially not by me, as Jari Ruusu had
 no good reputation and was known to spread more confusion than facts."

should really read as:

"The attack was not taken seriously by clueless people, author included, as
 Jari Ruusu had a reputation of not tolerating people who prefer and
 recommend broken crypto implementations."

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD
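A worked illustration of the two weaknesses named in the mail (CBC ciphertext tampering and ciphertext copying), added here as an example and not part of the original message or of loop-AES. AES is replaced by a constructed HMAC-SHA256 Feistel permutation so the block runs on the Python standard library alone; the effect shown is a property of CBC, not of the stand-in cipher. The `tamper_diff`, `seal` and `verify` helpers and the per-sector MAC binding are assumed names for a generic mitigation sketch, not loop-AES's design.

```python
import hmac, hashlib

BLOCK = 16
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))
def _f(key, half, rnd):
    # Feistel round function: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]
def block_encrypt(key, blk):
    # Constructed stand-in block cipher (4-round Feistel), not AES. Any keyed
    # permutation gives CBC the same malleability, which is what is shown here.
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for rnd in range(4):
        l, r = r, xor(l, _f(key, r, rnd))
    return r + l
def block_decrypt(key, blk):
    l, r = blk[:BLOCK // 2], blk[BLOCK // 2:]
    for rnd in reversed(range(4)):
        l, r = r, xor(l, _f(key, r, rnd))
    return r + l

def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = block_encrypt(key, xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(xor(block_decrypt(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)

def tamper_diff(key, iv, pt, byte_index, mask):
    # XOR `mask` into one ciphertext byte (an on-disk edit of the kind the mail
    # refers to) and report, per plaintext block, the XOR difference after decrypt:
    # the block holding the edited byte turns to garbage, the next block changes
    # in exactly that byte position, all later blocks are untouched.
    ct = bytearray(cbc_encrypt(key, iv, pt))
    ct[byte_index] ^= mask
    diff = xor(cbc_decrypt(key, iv, bytes(ct)), pt)
    return [diff[i:i + BLOCK] for i in range(0, len(diff), BLOCK)]

def seal(mac_key, sector_no, ct):
    # Defender side (assumed sketch): a MAC over the ciphertext, bound to the
    # sector number, detects both an edited sector and one copied from elsewhere.
    return hmac.new(mac_key, sector_no.to_bytes(8, "little") + ct, hashlib.sha256).digest()

def verify(mac_key, sector_no, ct, tag):
    return hmac.compare_digest(seal(mac_key, sector_no, ct), tag)
```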

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/

