Micah Anderson wrote:
> Is this watermarking issue still insufficiently addressed in dm-crypt as
> of today? Doing the following test, seems to produce a 16-byte change in
> the ciphertext

Watermarking exploits a flaw that intentionally triggers identical ciphertext in two or more different locations on the disk. The identical/not-identical pattern is then used to encode some watermark code.

The examples that you included compared how precisely the implementation leaks the location of changed plaintext in the case where an adversary gets two or more samples of the same ciphertext location. Normally, in the lost or stolen laptop case, the adversary gets only the latest copy of the ciphertext, so this changed-data-location information leak does not apply.

> why do you do the hexdumps? Why not just store the actual data and do
> cmp -l | wc -l?

Because 'cmp' byte offsets have a 1-byte bias that always screws up my interpretation of what is different. I hate it, and I don't use it for anything other than to test whether files are identical or not.

> Finally, one question... if I understand multi-key v3 properly, that means
> that each subsequent sector (mod 64) uses a different key to encrypt the
> data sectors and the 65th is used as additional input to the MD5 IV
> computation.

http://mail.nl.linux.org/linux-crypto/2006-05/msg00049.html
http://mail.nl.linux.org/linux-crypto/2006-05/msg00054.html

> I don't exactly know what the MD5 IV computation is specifically (how can
> I find out?), but if multi-key just means that each subsequent sector
> uses a different key then if we are making changes within one 512-byte
> sector, then the multi-key piece shouldn't come into play here

That is correct, multiple encryption keys do not affect the changed plaintext location leak within a 512-byte sector. Multiple keys reduce the amount of data encrypted using one key, and reduce the chances of accidental identical ciphertexts using the same key.
--
Jari Ruusu  1024R/3A220F51  5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
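As an added illustration of the changed-plaintext location leak discussed in the reply above (example code written for this page, not code from the thread, dm-crypt or loop-AES), the Go program below CBC-encrypts one 512-byte sector with a simplified sector-number IV, flips a single plaintext byte, and lists which 16-byte ciphertext blocks differ between the two snapshots. The key, the all-zero sector contents and the IV scheme are constructed assumptions for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const sectorSize = 512 // one disk sector = 32 AES blocks
// plainIV: dm-crypt "plain"-style IV, little-endian sector number (simplified assumption).
func plainIV(sector uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv, sector)
	return iv
}

// encryptSector CBC-encrypts one 512-byte sector under key (plain is not modified).
func encryptSector(key []byte, sector uint64, plain []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plain))
	cipher.NewCBCEncrypter(block, plainIV(sector)).CryptBlocks(out, plain)
	return out
}

// changedBlocks lists the 16-byte block indices where two ciphertext snapshots differ.
func changedBlocks(before, after []byte) []int {
	var idx []int
	for i := 0; i < len(before); i += aes.BlockSize {
		if string(before[i:i+aes.BlockSize]) != string(after[i:i+aes.BlockSize]) {
			idx = append(idx, i/aes.BlockSize)
		}
	}
	return idx
}

// leak flips one plaintext byte, re-encrypts, and reports which ciphertext blocks changed.
func leak(key []byte, sector uint64, offset int) []int {
	plain := make([]byte, sectorSize) // constructed: all-zero sector contents
	before := encryptSector(key, sector, plain)
	plain[offset] ^= 0x01
	return changedBlocks(before, encryptSector(key, sector, plain))
}

func main() {
	key := []byte("constructed-key!") // 16-byte demo key, not a real one
	fmt.Println(leak(key, 7, 500), leak(key, 7, 100)) // first result is [31]: only the last 16 bytes differ
}
```

A change inside the last block alters only the final 16 ciphertext bytes, matching the 16-byte change quoted at the top; a change in block 6 alters blocks 6 through 31 because of CBC chaining, so an adversary holding two snapshots of the sector learns where the write landed, and the number of keys in use does not change that.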