Google
  Web www.spinics.net

Re: Status in 2008, was Status in 2007 of: loop-aes VS dm-crypt VS truecrypt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]


Micah Anderson wrote:
> Is this watermarking issue still insufficiently addressed in dm-crypt as
> of today? Doing the following test, seems to produce a 16-byte change in
> the ciphertext

Watermarking exploits a flaw that intentionally triggers identical
ciphertext in two or more different locations on the disk.
Identical/not-identical pattern is then used to encode some watermark code.

Examples that you included compared how precisely implementation leaks
location of changed plaintext in case where adversary gets two or more
samples of same ciphertext location. Normally, in lost or stolen laptop
case, adversary gets only latest copy of ciphertext, so this changed data
location information leak does not apply.

> why do you do the hexdumps? Why not just store the actual data and do
> cmp -l | wc -l?

Because 'cmp' byte offsets have 1 byte bias that always screws my
interpretation of what is different. I hate it, and I don't use it for
anything other than to test identical/not-identical file.

> Finally, one question... if I understand multi-key v3 properly, that means
> that each subsequent sector (mod 64) uses a different key to encrypt the
> data sectors and the 65th is used as additional input to the MD5 IV
> computation.

http://mail.nl.linux.org/linux-crypto/2006-05/msg00049.html
http://mail.nl.linux.org/linux-crypto/2006-05/msg00054.html

> I dont exactly know what the MD5 IV computation is specifically (how can
> I find out?), but if multi-key just means that each subsequent sector
> uses a different key then if we are making changes within one 512-byte
> sector, then the multi-key piece shouldn't come into play here

That is correct, multiple encryption keys does not affect changed plaintext
location leak within 512-byte sector. Multiple keys reduces amount of data
encrypted using one key, and reduces chances of accidental identical
ciphertexts using same key.

-- 
Jari Ruusu  1024R/3A220F51 5B 4B F9 BB D3 3F 52 E9  DB 1D EB E3 24 0E A9 DD

-
Linux-crypto:  cryptography in and on the Linux system
Archive:       http://mail.nl.linux.org/linux-crypto/


[Home]     [Kernel]     [Linux Crypto]     [Gnu Crypto]     [Gnu Classpath]     [Netfilter]     [Bugtraq]     [Network Security Reading]

Add to Google