Alon Bar-Lev wrote:
> 1. Where does the magic 64 come from?

64 different AES keys. First sector uses first key, second sector uses
second key, and so on. As to why 64, and not 32 or 128: usually 64
expanded AES keys stay in processor caches, 128 expanded keys probably not.

> 2. Does MD5 remain safe after recent developments in this area?

MD5 attacks that I have seen are such that the adversary needs a known MD5
state to attack. In the loop-AES v3 on-disk format, the adversary does not
know the state before or after the MD5 hash. In the v2 on-disk format it was
possible that the adversary had a known MD5 state before the hash.

> 3. Is the usage of the same key over and over still "good enough"?

One AES key should be OK for 2^64 blocks. After that, the probability of
ciphertext collision is too big. Using multiple keys reduces the amount of
data per encryption key, and as such, reduces the probability of ciphertext
collisions.

--
Jari Ruusu  1024R/3A220F51  5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
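An added example, not code from the mail or from loop-AES itself, modelling the two design points above: per-sector key selection cycling through 64 keys, and why a ciphertext collision under a single key is harmful in CBC (it reveals the XOR of two plaintext blocks), which is what the 2^64-block limit guards against. Assumptions: a stand-in Feistel block cipher replaces AES so the code runs without extra libraries, the 64 keys are constructed, and the IV is simply the sector number, not loop-AES's real IV derivation.

```python
import hashlib

BLOCK = 16   # AES block size in bytes
NKEYS = 64   # loop-AES v3 multi-key: sector n is encrypted with key n % 64

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_block_encrypt(key: bytes, block: bytes) -> bytes:
    # Stand-in 128-bit block cipher (4-round Feistel, SHA-256 round function)
    # so the example runs without an AES library; any keyed permutation works.
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, xor(l, hashlib.sha256(key + bytes([rnd]) + r).digest()[:8])
    return l + r

def make_demo_keys(seed: bytes = b"constructed-seed") -> list:
    # 64 constructed keys; real loop-AES keys come from the key file/passphrase.
    return [hashlib.sha256(seed + bytes([k])).digest() for k in range(NKEYS)]

def cbc_encrypt_sector(keys: list, sector: int, plaintext: bytes) -> list:
    # Key choice follows the mail: first sector uses the first key, and so on,
    # cycling. The IV (sector number) is an assumption for this demo only.
    key, prev, out = keys[sector % NKEYS], sector.to_bytes(BLOCK, "little"), []
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_block_encrypt(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return out

def leak_from_collision(ct: list, i: int, j: int) -> bytes:
    # Why collisions under one key matter: in CBC, C[i] == C[j] implies
    # P[i] ^ P[j] == C[i-1] ^ C[j-1], readable from the ciphertext alone.
    assert i > 0 and j > 0 and ct[i] == ct[j]
    return xor(ct[i - 1], ct[j - 1])

def demonstrate_collision_leak(keys: list, sector: int) -> tuple:
    # Constructed collision: choose P[2] so its CBC input equals P[1]'s,
    # forcing C[1] == C[2]. Returns (attacker's value, true P[1] ^ P[2]).
    p0, p1 = bytes(BLOCK), b"constructed-blk!"
    c = cbc_encrypt_sector(keys, sector, p0 + p1)
    p2 = xor(xor(p1, c[0]), c[1])
    c = cbc_encrypt_sector(keys, sector, p0 + p1 + p2)
    return leak_from_collision(c, 1, 2), xor(p1, p2)

def birthday_collision_probability(n_blocks: int) -> float:
    # Approximate chance two of n 128-bit blocks collide: n(n-1)/2 / 2^128.
    # At n = 2^64 blocks this is about 1/2, the limit quoted in the mail.
    return (n_blocks * (n_blocks - 1) // 2) / 2 ** 128
```

Splitting a disk over 64 keys divides the block count each key sees by 64, which is exactly how the multi-key mode pushes the per-key collision probability back down.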