Re: safety of encrypted filesystems

To: debian-security@lists.debian.org
Subject: Re: safety of encrypted filesystems
From: Max Vozeler <max@hinterhof.net>
Date: Mon, 20 Jun 2005 12:33:16 +0200
Message-id: <[🔎] 20050620103316.GC5481@dp.roam.hinterhof.net>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 877jgsyctp.fsf@benpfaff.org>
References: <[🔎] 20050617061508.GA19367@cirrus.madduck.net> <[🔎] 87hdfx1ofi.fsf@deneb.enyo.de> <[🔎] 20050617064603.GA21188@cirrus.madduck.net> <[🔎] 877jgsyctp.fsf@benpfaff.org>

On Fri, Jun 17, 2005 at 12:59:14PM -0700, Ben Pfaff wrote:
> martin f krafft <madduck@debian.org> writes:
> 
> > However, doesn't CBC or EBC make sure that every block is
> > chained to its predecessor, making even the very last block of
> > a file dependent on the bits of the very first block?
> 
> Yes and no.  If you change the first block in a set of
> CBC-chained blocks, the last block will change.  But to recover
> the contents of the last block, you only need the last block and
> the preceding block (and the key).

A good explanation of this mode (dubbed "Sector Enciphering Operation")
is in Saarinen's paper about the watermark weakness[1]. cryptoloop and
siblings basically use CBC only within a sector (512 byte), so different
sectors are all independent from each other.

cheers,
Max

[1] http://docs.indymedia.org/twiki/pub/Local/UkCrypto/wisa2004.pdf

Reply to:

References:
- safety of encrypted filesystems
  - From: martin f krafft <madduck@debian.org>
- Re: safety of encrypted filesystems
  - From: Florian Weimer <fw@deneb.enyo.de>
- Re: safety of encrypted filesystems
  - From: martin f krafft <madduck@debian.org>
- Re: safety of encrypted filesystems
  - From: Ben Pfaff <blp@cs.stanford.edu>

Prev by Date: Re: Security Support by the Security-Team
Next by Date: Wow..Mens Love This ZL
Previous by thread: Re: safety of encrypted filesystems
Next by thread: Re: safety of encrypted filesystems
Index(es):
- Date
- Thread