On 08.02.2015, U.Mutlu wrote: > Knowing just one cleartext file, for example a well known static > system file from the /etc directory, and its encrpted data, could > easily lead to the master key (assuming the encrypted volume > contains such system files). Neither AES, serpent nor twofish are prone to known-plaintext attacks. Breaking some rounds is not the same as breaking the cipher. > OTOH, a streaming crypto solution (I think also called 'asymmetric'), > ie. where each block gets encrypted with a new key derived from > the previous/initial key together with xoring with varying parts > of the user data in the block, would IMO make up a much more secure crypto > solution. You're mixing symmetric/asymmetric crypto and block cipher modes. A stream cipher is a symmetric key cipher. The random keystream is used to encrypt the plaintext, using its seed as the "key". (Btw: dm-crypt works symmetrically, too). An example for asymmetric encryption would be GPG, which uses a public/private keypair. What you describe reminds me on the (ages old - around 1980?) CBC mode, where the IV is derived from the previous encrypted block. The first plaintext block is xor'ed to an IV with the same size as the plaintext block itself. CBC is therefore prone to choosen plaintext attacks. The last "C" in the name says it. All of this is by no means specific for LUKS/dmcrypt. And there are surely a lot of others with deeper knowledge who can explain this better to you.. _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
