Hello, On Thu, Feb 08, 2007 at 11:07:22PM +0100, Andreas Jellinghaus wrote: > Uwe Hermann wrote: > >On Thu, Feb 08, 2007 at 08:26:52AM +0100, Andreas Jellinghaus wrote: > >>german linux magazin has an editorial about a potential weakness in LRW > >>depending on how it is used. can anyone post the details about it? > >>how do I need to use it to be secure? > > > >As far as I know dm-crypt/cryptsetup doesn't use LRW at all, so this is > >not an issue anyways(?) > > lrw was added to kernel 2.6.20. so now I should be able to use "aes-lrw" > everywhere I used "aes-plain" or "aes-essiv" as far as I know. > But I haven't found documentation so far - e.g. how to pass the tweak > key to the kernel. You need to pass aes-lrw-benbi as cipher mode (as said in Kconfig). You should get LRW-32-AES encryption that way (as defined in http://grouper.ieee.org/groups/1619/email/pdf00017.pdf) (benbi is a lot like plain, but plain is a little endian sector (512 bytes) count, and benbi is a bigendian cipherblock count). LRW is no IEEE1619 candidate anymore because it is very weak if you encrypt the encryption key itself, see: http://grouper.ieee.org/groups/1619/email/msg01150.html Greetings, Rik. -- Nothing is ever a total loss; it can always serve as a bad example. --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
