Re: safety of encrypted filesystems
On Fri, Jun 17, 2005 at 12:59:14PM -0700, Ben Pfaff wrote:
> martin f krafft <email@example.com> writes:
> > However, doesn't CBC or EBC make sure that every block is
> > chained to its predecessor, making even the very last block of
> > a file dependent on the bits of the very first block?
> Yes and no. If you change the first block in a set of
> CBC-chained blocks, the last block will change. But to recover
> the contents of the last block, you only need the last block and
> the preceding block (and the key).
A good explanation of this mode (dubbed "Sector Enciphering Operation")
is in Saarinen's paper about the watermark weakness. cryptoloop and
siblings basically use CBC only within a sector (512 byte), so different
sectors are all independent from each other.