Phil Grundig wrote:
> 1. I've read that you are not supposed to use the same gpg key on
> different loop-aes volumes. Why? Even if the volumes contain some (but
> not all) data in common, how does that help an attacker?

Identical encryption keys + identical plaintext data + same offset from
beginning of a disk partition leads to identical ciphertexts. Identical
ciphertexts leak information about plaintext.

> 2. How long in bytes does a known plaintext string encrypted at a known
> position on a v3.x loop-aes encrypted device have to be to allow an
> attacker to reverse engineer what the v3.x plaintext multiline key must
> be?

16 bytes of known plaintext starting at any (except first) 16 byte boundary
on a disk sector allows adversary to try brute force attack for one AES key.
But 128/192/256 bits of key space is too much to brute force.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/
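
The answer to question 1, as an added example that is not part of the original message or of loop-AES: two constructed volumes are encrypted sector by sector and compared without the key. The sector cipher is a stand-in (an HMAC-SHA256 Feistel network tweaked by sector number), chosen only because it is deterministic per key and sector; the 512-byte sector size, the keys and the volume contents are assumptions made for the example.

```python
import hashlib
import hmac

SECTOR = 512  # assumed sector size for this example

def _prf(key, tweak, data, n):
    """Expand HMAC-SHA256(key, tweak || counter || data) to n bytes."""
    out, ctr = b"", 0
    while len(out) < n:
        msg = tweak + ctr.to_bytes(4, "big") + data
        out += hmac.new(key, msg, hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def encrypt_sector(key, sector_no, plaintext):
    """Stand-in sector cipher (4-round Feistel), NOT the loop-AES cipher."""
    half = len(plaintext) // 2
    left, right = plaintext[:half], plaintext[half:]
    for rnd in range(4):
        tweak = sector_no.to_bytes(8, "big") + bytes([rnd])
        f = _prf(key, tweak, right, half)
        left, right = right, bytes(a ^ b for a, b in zip(left, f))
    return left + right

def encrypt_volume(key, plaintext):
    """Encrypt each sector with its sector number as the tweak."""
    return b"".join(encrypt_sector(key, i, plaintext[off:off + SECTOR])
                    for i, off in enumerate(range(0, len(plaintext), SECTOR)))

def matching_sectors(img_a, img_b):
    """Sector numbers where two ciphertext images are byte-identical."""
    n = min(len(img_a), len(img_b)) // SECTOR
    return [i for i in range(n)
            if img_a[i * SECTOR:(i + 1) * SECTOR] == img_b[i * SECTOR:(i + 1) * SECTOR]]

def demo():
    # Constructed volumes: "X","Y" sectors are the data the volumes share.
    x, y = b"X" * SECTOR, b"Y" * SECTOR
    vol_a = b"A" * SECTOR + x + y + b"a" * SECTOR   # common data at sectors 1-2
    vol_b = b"B" * SECTOR + x + y + b"b" * SECTOR   # common data at sectors 1-2
    vol_c = b"B" * SECTOR + b"b" * SECTOR + x + y   # common data at sectors 2-3
    k1 = hashlib.sha256(b"constructed key 1").digest()
    k2 = hashlib.sha256(b"constructed key 2").digest()
    enc_a = encrypt_volume(k1, vol_a)
    same_key = matching_sectors(enc_a, encrypt_volume(k1, vol_b))
    diff_key = matching_sectors(enc_a, encrypt_volume(k2, vol_b))
    shifted = matching_sectors(enc_a, encrypt_volume(k1, vol_c))
    return same_key, diff_key, shifted

if __name__ == "__main__":
    print(demo())
```

With the same key, the sectors holding common data at the same offset match and reveal which parts of the two volumes are identical; with separate keys, or with the same data at a different offset, nothing matches.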