Re: How does loop-aes IV computation v2&3 work?
[ For some reason I didn't receive Lothar's original question via
linux-crypto list. I do check one archive from time to time to see if I
have been dropped from the list. Unfortunately, linux-crypto archives that
I am aware of, do not show real email addresses, so I can't include
Lothar's email address in CC list. ]
> I'd like to know how the IV for loop-aes is computed (in multikey mode v2
> and v3). I didn't find any details in the README, and I did not fully
> understand the source code, so I'd really appreciate it if someone could
> explain this to me.
The following uses '|' to indicate concatenation. Arrays are 0-based.
Version 3 IV is computed as:
IV = MD5(key_table[64] | plaintext_bytes[16...511] | sector_number)
Version 2 IV is computed as:
IV = MD5(plaintext_bytes[16...511] | sector_number)
On version 3, each 512 byte sector is encrypted as:
K = key_table[sector_number & 63]
IV = MD5(key_table[64] | plaintext_bytes[16...511] | sector_number)
ciphertext_bytes[0...511] = CBC_ENCRYPT(K, IV, plaintext_bytes[0...511])
On version 3, each 512 byte sector is decrypted as:
K = key_table[sector_number & 63]
IV = ciphertext_bytes[0...15]
plaintext_bytes[16...511] = CBC_DECRYPT(K, IV, ciphertext_bytes[16...511])
IV = MD5(key_table[64] | plaintext_bytes[16...511] | sector_number)
plaintext_bytes[0...15] = CBC_DECRYPT(K, IV, ciphertext_bytes[0...15])
--
Jari Ruusu 1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9 DB 1D EB E3 24 0E A9 DD
-
Linux-crypto: cryptography in and on the Linux system
Archive: http://mail.nl.linux.org/linux-crypto/
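Worked example, added here and not taken from Jari's post or from the loop-AES sources: Go code implementing the version 3 per-sector encryption and the two-step decryption exactly as laid out above. It assumes 16-byte AES-128 keys, a 16-byte key_table[64] entry and a 32-bit little-endian sector number, none of which the post specifies; real loop-AES may encode these differently.

```go
package main
import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/md5"
	"encoding/binary"
	"fmt"
)

const sectorSize = 512
// KeyTable: 64 sector keys plus index 64, which only feeds the IV hash (16-byte AES-128 keys are an assumption).
type KeyTable [65][16]byte
// ivV3 computes MD5(key_table[64] | plaintext[16...511] | sector_number); the 32-bit little-endian sector number is an assumption.
func ivV3(kt *KeyTable, plaintext []byte, sector uint32) []byte {
	h := md5.New()
	h.Write(kt[64][:])
	h.Write(plaintext[16:sectorSize])
	binary.Write(h, binary.LittleEndian, sector)
	return h.Sum(nil) // 16 bytes: exactly one AES block
}
// sectorCipher selects K = key_table[sector & 63] after checking the sector size.
func sectorCipher(kt *KeyTable, buf []byte, sector uint32) (cipher.Block, error) {
	if len(buf) != sectorSize {
		return nil, fmt.Errorf("sector must be %d bytes, got %d", sectorSize, len(buf))
	}
	return aes.NewCipher(kt[sector&63][:])
}
// EncryptSectorV3: the IV is derived from the plaintext itself, then one CBC pass over the sector.
func EncryptSectorV3(kt *KeyTable, plaintext []byte, sector uint32) ([]byte, error) {
	blk, err := sectorCipher(kt, plaintext, sector)
	if err != nil {
		return nil, err
	}
	ct := make([]byte, sectorSize)
	cipher.NewCBCEncrypter(blk, ivV3(kt, plaintext, sector)).CryptBlocks(ct, plaintext)
	return ct, nil
}
// DecryptSectorV3: blocks 1..31 chain from ciphertext block 0, so they come out
// first; only then can the IV be recomputed from them and block 0 decrypted.
func DecryptSectorV3(kt *KeyTable, ciphertext []byte, sector uint32) ([]byte, error) {
	blk, err := sectorCipher(kt, ciphertext, sector)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, sectorSize)
	cipher.NewCBCDecrypter(blk, ciphertext[:16]).CryptBlocks(pt[16:], ciphertext[16:])
	cipher.NewCBCDecrypter(blk, ivV3(kt, pt, sector)).CryptBlocks(pt[:16], ciphertext[:16])
	return pt, nil
}
```

Because the IV is a hash over bytes 16..511, any change to the rest of the sector changes ciphertext block 0 as well, which is what a test of this code should check.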