On Sun, Feb 08, 2015 at 17:31:49 CET, U.Mutlu wrote:
> Ralf Ramsauer wrote, On 02/08/2015 03:22 PM:
> [...]
> Hmm. IMO this is the major weak point of such static/symmetric crypto
> solutions. Knowing just one cleartext file, for example a well known
> static system file from the /etc directory, and its encrypted data, could
> easily lead to the master key (assuming the encrypted volume contains such
> system files).

With modern block-ciphers there is no "easily" here. In fact there is
"infeasible" here, as you basically always can get some ciphertext/plaintext
pairs also in communication encryption, and it does not even need to be a
"chosen plaintext" attack. Ciphers vulnerable to that are worthless.

Really, you need to read up on what modern ciphers do. You also need to
read up on the terminology. Getting the meaning of "symmetric" and
"asymmetric" wrong is a pretty bad mistake. Not that I accuse you of
anything, it is just that communication gets hard if one side does not
understand the basics.

> OTOH, a streaming crypto solution (I think also called 'asymmetric'),
> ie. where each block gets encrypted with a new key derived from
> the previous/initial key together with xoring with varying parts
> of the user data in the block, would IMO make up a much more secure
> crypto solution.

That is infeasible for block-layer encryption and very expensive for
file-level encryption. Hence nobody does it on system layer. You may be
thinking of things like CBC-mode communication encryption. Block-device
storage is not a communication device, it works differently. For
character-device storage where you never seek you could do this, but you
do not get a file-system on these, just a raw bit-stream.

> >Just imagine: if you'd like to access the last sector of your volume
> >you'd have to generate the whole key stream which would probably take a
> >long time.
>
> Yes, true, but I think this problem could be somehow solved.

You think wrong. This problem has been studied for at least two decades
and nobody found a solution for it. In fact, it can very likely be
formally proven that this problem cannot be solved and keep the security
guarantees intact.

Grüsse,
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
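The seek-cost argument in the reply can be shown with a small model: a chained scheme in which each sector's key depends on the previous key and the previous sector's data, next to a sector-independent scheme where the per-sector key is derived from the master key and the sector number alone (the shape dm-crypt uses, with IVs derived from the sector number). This is an added example, not code from the thread; it uses SHA-256 in counter mode as a stand-in stream cipher and a 16-byte toy sector, both constructed for illustration.

```python
import hashlib

SECTOR = 16          # toy sector size in bytes (real block devices use 512 or 4096)

def _keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode as a stand-in stream cipher (toy model, not a real cipher)."""
    out = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                   for i in range((n + 31) // 32))
    return out[:n]

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def chained_encrypt(master: bytes, plaintext: bytes) -> bytes:
    """The 'streaming' proposal: sector i's key depends on the previous key and the
    previous sector's user data, so sectors can only be processed in order."""
    key, out = master, b""
    for i in range(len(plaintext) // SECTOR):
        pt = plaintext[i * SECTOR:(i + 1) * SECTOR]
        out += _xor(pt, _keystream(key, SECTOR))
        key = hashlib.sha256(key + pt).digest()   # next key mixes in this sector's data
    return out

def chained_read_sector(master: bytes, ciphertext: bytes, idx: int):
    """Return (plaintext of sector idx, number of sectors that had to be decrypted)."""
    key, work = master, 0
    for i in range(idx + 1):
        pt = _xor(ciphertext[i * SECTOR:(i + 1) * SECTOR], _keystream(key, SECTOR))
        key = hashlib.sha256(key + pt).digest()
        work += 1
    return pt, work

def _sector_key(master: bytes, idx: int) -> bytes:
    # Per-sector key from the master key and the sector number alone: no dependency on other sectors.
    return hashlib.sha256(master + idx.to_bytes(8, "big")).digest()

def indexed_encrypt(master: bytes, plaintext: bytes) -> bytes:
    """Sector-independent scheme: every sector can be encrypted or decrypted on its own."""
    return b"".join(_xor(plaintext[i * SECTOR:(i + 1) * SECTOR],
                         _keystream(_sector_key(master, i), SECTOR))
                    for i in range(len(plaintext) // SECTOR))

def indexed_read_sector(master: bytes, ciphertext: bytes, idx: int):
    pt = _xor(ciphertext[idx * SECTOR:(idx + 1) * SECTOR], _keystream(_sector_key(master, idx), SECTOR))
    return pt, 1

def seek_cost_demo(n_sectors: int = 1000):
    """Decrypt only the last sector under both schemes and report the work each needed."""
    master = hashlib.sha256(b"constructed demo master key").digest()
    data = bytes((i * 7 + 3) & 0xFF for i in range(n_sectors * SECTOR))   # constructed volume contents
    last = n_sectors - 1
    pt_c, work_c = chained_read_sector(master, chained_encrypt(master, data), last)
    pt_i, work_i = indexed_read_sector(master, indexed_encrypt(master, data), last)
    assert pt_c == pt_i == data[last * SECTOR:]
    return work_c, work_i      # (1000, 1): chaining must walk every earlier sector first
```

The same dependency also means that rewriting one sector in the chained scheme changes every later key, so all following sectors would have to be re-encrypted on each write.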