> What is the reason the MD5 hash was chosen over other hashes for computing
> the IV (Initialization Vector); in particular, SHA256 or SHA512?

128 bit block size ciphers need 128 bit IV. MD5 output is 128 bits. Speed was also important.

If you are worrying about security... The way MD5 is used in loop-AES is not vulnerable. Recent MD5 attacks need known state. Adversary does not have known state, neither before nor after adversary supplied data is processed. Loop-AES version 3 on-disk format uses 65th key (unknown to adversary) as MD5 input before adversary supplied data, and output ends up being encrypted using AES (again, with a key unknown to adversary).

--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/