On Tue, 04 Aug 2009 15:27:20 +0200
Henrik Theiling <theiling@xxxxxxxxxx> wrote:

> From the wording of the Wikipedia article, however, it is not
> completely clear to me how serious the watermarking attack on CBC is.
> The IV function is known, so can two blocks be easily constructed in
> such a way that their cbc-essiv:sha256 encryption (with whatever main
> algorithm) is identical? You'd need to know the sector for that plus
> break SHA256, because ESSIV uses the hash of the encryption key plus
> the sector number to generate the IV, right? If I understood that
> correctly, then I can safely get back to relaxing, enjoying the summer
> and drinking beer instead of thinking about this any longer.

From Clemens Fruhwirth:

"ESSIV E(Sector|Salt) IV, short ESSIV, derives the IV from key material
via encryption of the sector number with a hashed version of the key
material, the salt. ESSIV does not specify a particular hash algorithm,
but the digest size of the hash must be an accepted key size for the
block cipher in use. As the IV depends on a non-public piece of
information, the key, the sequence of IV is not known, and the attacks
based on this can't be launched."

This covers watermarks, I hope this provides for drinking much beer.

-MJ
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
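
The difference between a public sector-number IV and ESSIV, as an added example that is not part of the original post or of dm-crypt's code. Assumptions: a toy SHA-256 Feistel cipher stands in for the real block cipher so the script runs with the standard library only, and all function names are hypothetical.

```python
import hashlib

BLOCK = 16  # block size in bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key, block):
    """4-round Feistel with a SHA-256 round function: stand-in for AES, not secure."""
    l, r = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + r).digest()[:8]
        l, r = r, xor(l, f)
    return l + r

def cbc_encrypt(key, iv, plaintext):
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def plain_iv(key, sector):
    # Public IV: the sector number itself, computable without the key.
    return sector.to_bytes(BLOCK, "little")

def essiv_iv(key, sector):
    # ESSIV: salt = hash(key); IV = E_salt(sector number).
    salt = hashlib.sha256(key).digest()
    return toy_encrypt_block(salt, sector.to_bytes(BLOCK, "little"))

def watermark_visible(iv_func, key, sectors=(10, 11)):
    """Data is crafted without the key by pre-XORing a marker with the public
    sector-number IV. Returns True if the first ciphertext block is identical
    in every sector, i.e. the watermark shows through the encryption."""
    marker = b"WATERMARK-BLOCK!"  # constructed 16-byte sample
    first_blocks = set()
    for s in sectors:
        crafted = xor(marker, plain_iv(None, s)) + b"\x00" * BLOCK
        ct = cbc_encrypt(key, iv_func(key, s), crafted)
        first_blocks.add(ct[:BLOCK])
    return len(first_blocks) == 1

if __name__ == "__main__":
    key = hashlib.sha256(b"constructed demo key").digest()
    print("plain IV :", watermark_visible(plain_iv, key))
    print("ESSIV    :", watermark_visible(essiv_iv, key))
```

With the public IV the pre-XOR cancels the IV, so every sector encrypts the same first block; with ESSIV the IV cannot be computed without the key, so the cancellation fails and the ciphertexts differ.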