[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Encrypted backups

On Thu, 2004-01-15 at 12:34, Klaus Holler wrote:

> > Well, you learn a new thing every day. Never thought you could do
> > that! What happens with media errors on the tape when you read it
> > back?
> 
> depends on the cipher mode you use:
... snip ...
> if using CBC (cipher block chaining mode) you will be more dependent 
> from media errors because this mode adds a feedback mechanism - 
> encryption results from previous blocks are taken into account when 
> calculating the current one (plaintext block is XORed with previous 
> ciphertext block). I guess that you will lose all blocks starting 
> from the block having the media defect ;-(

It will only affect two blocks: the block with the error, and the next
block (which will be XORed with the corrupted cipherblock after
decrypting).  The subsequent blocks will be fine.

ECB mode would affect only one block, but is much less secure against
several attacks (especially known plaintext attacks).  There are other
cipher modes as well, some with less propogation of data corruption in
the ciphertext. But CBC is the generally preferred mode for security
reasons.

In practice, I'd expect that the archive format will propogate bit flips
more than the encoding scheme.

-Bill
Reply to: