On Sun, Feb 08, 2015 at 22:34:22 CET, Ralf Ramsauer wrote:
> Hi
>
> On 02/08/2015 06:42 PM, Heinz Diehl wrote:
> >> Knowing just one cleartext file, for example a well known static
> >> system file from the /etc directory, and its encrypted data, could
> >> easily lead to the master key (assuming the encrypted volume
> >> contains such system files).
> > Neither AES, serpent nor twofish are prone to known-plaintext attacks.
> > Breaking some rounds is not the same as breaking the cipher.
>
> I absolutely agree, Heinz.
>
> Only the knowledge of a plain text block and the corresponding cipher
> text block is NOT sufficient to "guess" or derive the key.
> This is one of the major design criteria of symmetric block ciphers.
>
> When I did my first steps in cryptography I also naively thought that
> knowing a cipher text and a corresponding plain text automatically
> offers the possibility to derive the key but this is absolutely not the
> truth.

And information-theoretically it does. It is just computational effort
that stands in between and computational effort is tricky, but also
very real in this universe.

> And the use of the same key throughout your volume is NOT a vulnerability.

It is not. What is a vulnerability is that the same key is used for
multiple writes to the same sector. It does not allow decryption, but it
does allow seeing whether a sector has changed if the attacker can
access the volume several times. This is also unavoidable when block
sizes are mapped 1:1, metadata is of fixed size, and performance needs
to be not too badly impacted. Hence it is accepted as a known
limitation.

Crypto is not perfect. Most crypto has known limitations and
vulnerabilities. The trick is to use the right method in the right
situation so that an attacker does not gain anything substantial. Hence
crypto security is always with respect to an attacker model (or
equivalently, a set of attacker capabilities).

In addition, an attacker that can access a computer 2 or more times
with the user unlocking the encrypted storage in between is generally
assumed to have won in disk encryption, as this attacker can compromise
the boot process.

> If you're of another opinion please show me references.
>
> I recommend you to read the following links:
> http://git.dyne.org/tomb/plain/doc/New_methods_in_HD_encryption.pdf
> http://en.wikipedia.org/wiki/Watermarking_attack
> http://en.wikipedia.org/wiki/Disk_encryption_theory
> http://cacr.uwaterloo.ca/hac/ <- great book, online available for free

I second that. In particular the thesis by Clemens is excellent.

It is not that we think you have no clue and should go away, it is
that it is very hard talking to you when we have to clear up beginners'
mistakes all the time. Crypto is hard and complicated, some knowledge
is required to even ask questions well.

Grüsse,
Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. -- Plato
If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
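The limitation Arno describes, the same key used for repeated writes to the same sector, as an added Go example that is not from the thread or from dm-crypt's own code: a minimal cbc-essiv:sha256 style sector encryption is deterministic per (key, sector), so an attacker who images the device twice can tell which sectors were rewritten, while learning nothing about the contents or the key. The key and sector contents are constructed for the demo; the ESSIV construction is assumed from its published definition, not copied from the kernel.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// encryptSector is AES-CBC over one sector with an ESSIV tweak: the IV is
// AES_{SHA256(key)}(sector number), the scheme dm-crypt calls cbc-essiv:sha256.
func encryptSector(key []byte, sector uint64, plain []byte) []byte {
	salt := sha256.Sum256(key)
	ivc, _ := aes.NewCipher(salt[:]) // 32-byte digest is always a valid AES-256 key
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv, sector)
	ivc.Encrypt(iv, iv)
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plain)) // sector length is a multiple of 16: no padding
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, plain)
	return out
}

// changedSectors models an attacker who images the device before and after a
// user session. Encryption is deterministic per (key, sector), so comparing the
// two images yields exactly the sectors that were rewritten, and nothing more.
func changedSectors(key []byte, before, after [][]byte) []int {
	var changed []int
	for i := range before {
		c1 := encryptSector(key, uint64(i), before[i])
		c2 := encryptSector(key, uint64(i), after[i])
		if !bytes.Equal(c1, c2) {
			changed = append(changed, i)
		}
	}
	return changed
}

func main() {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed demo key, not a real volume key
	a, b := bytes.Repeat([]byte("A"), 512), bytes.Repeat([]byte("B"), 512)
	fmt.Println(changedSectors(key, [][]byte{a, a, b}, [][]byte{a, a, a})) // [2]
	fmt.Println(bytes.Equal(encryptSector(key, 0, a), encryptSector(key, 1, a))) // false
}
```

The second line of output shows why the per-sector tweak matters: identical plaintext in two different sectors still encrypts differently, so the leak is limited to change detection over time, not to spotting equal content across the volume.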