"Gisle Sælensminde" <Gisle.Salensminde@xxxxxxxxxxx> wrote:

> [...] One such weak link in earlier versions of
> loop-aes (and as far as I know, still in cryptoloop) was the way each
> block was encrypted, that allowed an attacker to see the location
> of the first change in each disk block when it changed. In that case, it
> would not have helped with several loop devices or double encryption.
> While the seriousness of the attack can be argued about, it shows that
> several layers of encryption may not help if an attack is on a different
> part of the system.

Oh, that just reminds me of some guy called "Clemens Fruhwirth"
(http://clemens.endorphin.org/aboutme). Maybe you want to visit his page.

"I brought an 586/686 assembler version of AES to the kernel, then started to work on dm-crypt. I invented and implemented ESSIV for dm-crypt, and tried to implement another nice encryption mode, called LRW."

I wondered what LRW might be ever since he mentioned it here. You suppose the way loop-aes uses the AES cipher, namely CBC, is insecure? In case Mr. Fruhwirth had published loop-aes with LRW I'd have given it a try. But as things are it seems to be a good choice to use loop-aes as it is and take 2 or more loop devices.

Ok, and that's all on this case. Good luck on your analysis of the cryptosystem. I only fear I can't help with that :-(

Regards,
Peter

--
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
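The "first change in each disk block" leak the quoted message describes comes from CBC's chaining under a fixed per-sector IV: rewriting a sector re-encrypts every block before the first edit to exactly the same ciphertext, and every block after it to something new. The following is an added illustration written for this thread, not loop-aes or cryptoloop code; it assumes a plain sector-number IV, a constructed key and sector, and a keyed-hash stand-in for the cipher's encrypt direction (labelled in the code), since only the chaining structure matters for the leak.

```python
import hashlib

BLOCK = 16        # cipher block size in bytes (AES)
SECTOR = 512      # one disk sector
KEY = b"constructed-demo-key-not-secret!"   # constructed sample key, not real


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in for the block cipher's encrypt direction (assumption).

    A keyed hash truncated to one block.  It is NOT a real cipher (nothing
    can decrypt it), but CBC's chaining, which is what leaks here, depends
    only on the forward direction, so the demonstration is unaffected.
    """
    assert len(block) == BLOCK
    return hashlib.sha256(key + block).digest()[:BLOCK]


def sector_iv(sector_no: int) -> bytes:
    """Plain sector-number IV: identical every time this sector is rewritten."""
    return sector_no.to_bytes(BLOCK, "little")


def cbc_encrypt_sector(key: bytes, sector_no: int, data: bytes) -> bytes:
    """CBC over one sector, chained from the sector-number IV."""
    assert len(data) == SECTOR
    prev = sector_iv(sector_no)
    out = bytearray()
    for off in range(0, SECTOR, BLOCK):
        xored = bytes(p ^ c for p, c in zip(data[off:off + BLOCK], prev))
        prev = block_encrypt(key, xored)    # C_i = E(P_i xor C_{i-1})
        out += prev
    return bytes(out)


def differing_blocks(a: bytes, b: bytes) -> list:
    """Indices of 16-byte blocks at which the two byte strings differ."""
    return [i for i in range(len(a) // BLOCK)
            if a[i * BLOCK:(i + 1) * BLOCK] != b[i * BLOCK:(i + 1) * BLOCK]]


def first_change_leak(sector_no: int, old: bytes, new: bytes) -> int:
    """What someone comparing two ciphertext images of one sector learns.

    Returns the index of the first ciphertext block that differs, which under
    sector-IV CBC equals the index of the first plaintext block that changed.
    Returns -1 when the two images are identical.
    """
    changed = differing_blocks(cbc_encrypt_sector(KEY, sector_no, old),
                               cbc_encrypt_sector(KEY, sector_no, new))
    return changed[0] if changed else -1


# Constructed sample: a filler sector, then one byte edited at offset 100
# (block 6).  Ciphertext comparison alone reveals "the edit starts in block 6".
OLD = bytes(range(256)) * 2
NEW = OLD[:100] + bytes([OLD[100] ^ 0x01]) + OLD[101:]
```

Blocks 0 to 5 re-encrypt identically and blocks 6 to 31 all change, so the observer learns the position of the first edit but nothing after it; a second loop device layered on top re-encrypts the same structure and does not remove this property.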