Marco Fonseca wrote: > I've been searching for some info on single-key vs multi-key, but > haven't found a great deal of it. How much more superior is multi-key > over single-key. Any info would be helpful. loop-AES version 1 on-disk format (single-key) has easily exploitable IV computation weakness and should not be used. loop-AES version 2 and 3 on-disk formats (multi-key) have stronger IV computation. Since on-disk format needed to be changed on v1-to-v2 transition, multiple encryption keys were also included at the same time. Multi-key mode reduces amount of data encrypted using one encryption key, and thus reduces probability of identical ciphertexts using same encryption key. Identical ciphertexts leak information. Old versions of dm-crypt and truecrypt had same exploitable IV computation weakness, but newer versions of those implementations fixed that weakness in different way. -- Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD - Linux-crypto: cryptography in and on the Linux system Archive: http://mail.nl.linux.org/linux-crypto/
