Re: Re: Loop-AES and Twofish on 64-bit CPU

Jari Ruusu <jariruusu@xxxxxxxxxxxxxxxxxxxxx> wrote:
>[...] LRW mode is more vulnerable to changed location disclosure than CBC mode.
> That is because each ciphertext block depends on only one plaintext block
> and the encryption keys. In CBC mode, ciphertext also depends on preceding
> plaintext blocks. The way IV is computed in loop-AES makes all ciphertext
> blocks depend on all plaintext blocks in 512 byte sector.
>
> IOW, loop-AES provides better protection against changed location disclosure
> than dm-crypt, cryptoloop, or ecryptfs.

Ok, I suppose this is good news! My knowledge about attacks on ciphers and Galois fields is quite faint, but I seriously hope the maintenance of loop-aes will go on. Since many tutorials and websites focus on loop-aes, I deem it the right choice. Knoppix includes loop-aes, SuSE does not, but that need not be a disadvantage. Clemens Fruhwirth seemed to be a wise guy but unfortunately he didn't suggest a patch or some working files. Other mainline projects like truecrypt or parts of the standard linux kernel might be backdoored.
The loop-aes readme could include advice on how to remove partition table and boot sector and some plugin for k3b to burn encrypted cd/dvd on-the-fly would be excellent, too.

Regards,
Peter
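
The dependency argument in the quoted text, as an added example that is not part of the original messages and is not loop-AES, dm-crypt or cryptoloop code: it changes one byte in block 20 of a 512-byte sector and reports which 16-byte ciphertext blocks differ under three modes. Assumptions: a toy Feistel permutation stands in for AES, the LRW-like tweak is derived with HMAC instead of the GF(2^128) multiply, and the plaintext-derived IV is only a model of the property the quote describes; all names, the key and the sector contents are constructed.

```python
import hashlib, hmac

BLOCK, SECTOR = 16, 512  # bytes; 32 cipher blocks per sector

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def prf(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()[:BLOCK]

def enc_block(key, block):
    # Toy 4-round Feistel permutation standing in for AES (assumption, not secure).
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, prf(key, bytes([rnd]), r)[:8])
    return l + r

def blocks(data):
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

def tweak_mode(key, sector_no, plain):
    # LRW-like: each block is encrypted alone under a tweak from (sector, index).
    out = []
    for i, p in enumerate(blocks(plain)):
        t = prf(key, b"tweak", sector_no.to_bytes(8, "big"), bytes([i]))
        out.append(xor(enc_block(key, xor(p, t)), t))
    return b"".join(out)

def cbc(key, iv, plain):
    out, prev = [], iv
    for p in blocks(plain):
        prev = enc_block(key, xor(p, prev))
        out.append(prev)
    return b"".join(out)

def cbc_sector_iv(key, sector_no, plain):
    # CBC whose IV depends only on the sector number (assumed baseline).
    return cbc(key, prf(key, b"iv", sector_no.to_bytes(8, "big")), plain)

def cbc_plaintext_iv(key, sector_no, plain):
    # Model of the quoted property: the IV also covers plaintext blocks 1..31.
    return cbc(key, prf(key, b"iv", sector_no.to_bytes(8, "big"), plain[BLOCK:]), plain)

def changed_blocks(mode, key, sector_no, old, new):
    a, b = blocks(mode(key, sector_no, old)), blocks(mode(key, sector_no, new))
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

KEY = b"constructed demo key"
OLD = bytes(range(256)) * 2                              # constructed 512-byte sector
NEW = OLD[:20 * BLOCK] + b"\xff" + OLD[20 * BLOCK + 1:]  # one byte changed in block 20
```

Comparing two ciphertext snapshots pinpoints block 20 in the tweak mode, shows blocks 20 to 31 in sector-IV CBC, and shows only that the whole sector changed when the IV covers the plaintext.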

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/