
Bug#600384: dm-crypt: please backport support for plain64 IV



On Sat, 2010-10-16 at 13:57 -0300, Henrique de Moraes Holschuh wrote:
> Package: linux-2.6
> Version: 2.6.32-25
> Severity: important
> 
> Please backport commit 61afef614b013ee1b767cdd10325acae1db1f4d2
> "dm crypt: add plain64 iv" from upstream.  It should be a clean
> cherry-pick.
> 
> Without it, Debian squeeze users might not be able to use dm-crypt
> volumes created on newer kernels using *-xts-plain64, nor will they be able
> to create such volumes.
> 
> Using "plain" for IVs on block devices with more than 2^32 blocks will
> cause the same IV to be used twice due to roll-over.  This is not a good
> thing, although it might be not bad enough to matter much (or it could
> be a terrible problem.  Someone who groks crypto for real would have to
> answer that).
[...]

The original author explains in
<https://partner-bugzilla.redhat.com/show_bug.cgi?id=600295>: "the plain
IV restarts and opens device to watermarking attack (two sectors shares
the same IV, you can manipulate with the second if you know content of
the first)."

This seems to justify an update on the grounds of security, not to
mention compatibility.

Ben.

-- 
Ben Hutchings
Once a job is fouled up, anything done to improve it makes it worse.
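
Added example, not part of the original message and not the kernel's own code: a small C model of the "plain" and "plain64" IV generators discussed above, showing the 32-bit roll-over and how many sectors of a given volume would reuse an earlier sector's IV. The 16-byte IV length, the 512-byte sector unit and all function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IV_SIZE 16          /* assumed IV length (AES block size) */
#define SECTOR_BYTES 512ULL /* assumed unit: one IV per 512-byte sector */

/* Model of "plain": low 32 bits of the sector, little-endian, zero-padded. */
static void iv_plain(uint64_t sector, uint8_t iv[IV_SIZE])
{
    uint32_t low = (uint32_t)(sector & 0xffffffffULL);
    memset(iv, 0, IV_SIZE);
    for (int i = 0; i < 4; i++)
        iv[i] = (uint8_t)(low >> (8 * i));
}

/* Model of "plain64": full 64-bit sector number, little-endian, zero-padded. */
static void iv_plain64(uint64_t sector, uint8_t iv[IV_SIZE])
{
    memset(iv, 0, IV_SIZE);
    for (int i = 0; i < 8; i++)
        iv[i] = (uint8_t)(sector >> (8 * i));
}

/* Returns 1 if sectors a and b receive the same IV from generator gen. */
static int iv_collides(void (*gen)(uint64_t, uint8_t *), uint64_t a, uint64_t b)
{
    uint8_t x[IV_SIZE], y[IV_SIZE];
    gen(a, x);
    gen(b, y);
    return memcmp(x, y, IV_SIZE) == 0;
}

/* Sectors on a volume whose "plain" IV repeats that of an earlier sector. */
static uint64_t plain_reused_sectors(uint64_t volume_bytes)
{
    uint64_t sectors = volume_bytes / SECTOR_BYTES;
    return sectors > (1ULL << 32) ? sectors - (1ULL << 32) : 0;
}

int main(void)
{
    uint64_t s = 12345, wrap = s + (1ULL << 32); /* constructed sample sectors */
    printf("plain: %d  plain64: %d  reused sectors on 3 TiB: %llu\n",
           iv_collides(iv_plain, s, wrap), iv_collides(iv_plain64, s, wrap),
           (unsigned long long)plain_reused_sectors(3ULL << 40));
    return 0;
}
```

With these assumptions a volume of exactly 2 TiB has no repeated "plain" IV, and every sector beyond that boundary shares its IV with the sector 2^32 positions earlier.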
