Hello, I'm working with dm-crypt. Basically, we have a key, which I call the master key, which is used to cipher blocks (or sectors). This master key is wrapped with other keys, the 8 slots, but this is not the point here. Each block is then ciphered. The cipher mode is CBC, and each block has a different IV. Today, ESSIV is used, which means that the IV is derived from the sector number and a hash of the master key. I'm OK with that.

So, this means that the same block of the same plaintext is ciphered the same way. So if a file is unchanged, then the ciphertext is unchanged. Which means that an attacker could track the changes of the ciphered blocks and gain some (very little) knowledge, such as the size of a document being added to an encrypted partition.

My question is: can we avoid this? The answer is yes, we just have to use a salt. For example, for 512-byte blocks, we could use 16 bytes of salt for each block. Which means that one block in every 32 blocks stores the salt of the other blocks. This way, it's possible to update all blocks and cipher them. Same data, different cipher.

I think we could have:
- performance issues,
- a decrease of the size of the 'usable' part of the disk: 3% is used to store the salt, which is acceptable.
But an attacker wouldn't be able to gain any information!

Any advice on that, or a reason why the salt is not used for encrypting blocks?

thanks

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
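The ESSIV derivation and the salted variant discussed in the post, as an added example that is not part of the original message or of dm-crypt itself. It models the `aes-cbc-essiv:sha256` IV derivation (IV = AES with key SHA-256(master key) over the little-endian sector number); the salted layout (a 16-byte salt XORed into the ESSIV, stored out of line) is this example's own assumption, and it assumes the third-party `cryptography` package is installed.

```python
import hashlib
import os
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

SECTOR = 512  # dm-crypt encrypts 512-byte sectors independently


def _aes_cbc(key, iv, data, decrypt=False):
    ctx = Cipher(algorithms.AES(key), modes.CBC(iv))
    op = ctx.decryptor() if decrypt else ctx.encryptor()
    return op.update(data) + op.finalize()


def essiv(master_key, sector):
    """ESSIV as in aes-cbc-essiv:sha256: IV = AES_{SHA256(K)}(sector number),
    with the sector number encoded little-endian in the first 8 bytes."""
    iv_key = hashlib.sha256(master_key).digest()
    block = sector.to_bytes(8, "little").ljust(16, b"\x00")
    enc = Cipher(algorithms.AES(iv_key), modes.ECB()).encryptor()
    return enc.update(block) + enc.finalize()


def encrypt_sector(master_key, sector, plaintext):
    """Plain ESSIV: same key, sector and plaintext always yield the same ciphertext."""
    assert len(plaintext) == SECTOR
    return _aes_cbc(master_key, essiv(master_key, sector), plaintext)


def encrypt_sector_salted(master_key, sector, plaintext, salt=None):
    """The post's proposal, modelled here as a 16-byte random salt XORed into
    the ESSIV (hypothetical layout; the salt would live in the extra sector
    the post sets aside per 32 data sectors). A fresh salt per write changes
    the ciphertext even when the plaintext is unchanged."""
    assert len(plaintext) == SECTOR
    salt = os.urandom(16) if salt is None else salt
    iv = bytes(a ^ b for a, b in zip(essiv(master_key, sector), salt))
    return salt, _aes_cbc(master_key, iv, plaintext)


def decrypt_sector_salted(master_key, sector, salt, ciphertext):
    iv = bytes(a ^ b for a, b in zip(essiv(master_key, sector), salt))
    return _aes_cbc(master_key, iv, ciphertext, decrypt=True)


def changed_sectors(old_image, new_image):
    """All an observer of two ciphertext snapshots learns: which sectors differ."""
    n = min(len(old_image), len(new_image)) // SECTOR
    return [i for i in range(n)
            if old_image[i * SECTOR:(i + 1) * SECTOR] != new_image[i * SECTOR:(i + 1) * SECTOR]]
```

With a zero salt the salted variant reduces exactly to plain ESSIV, so the only cost of the scheme is storing and writing the salts.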