[24728] in cryptography@c2.net mail archive

Re: Linux RNG paper

daemon@ATHENA.MIT.EDU (Florian Weimer)
Fri May 5 16:47:32 2006

X-Original-To: cryptography@metzdowd.com
From: Florian Weimer <fw@deneb.enyo.de>
To: "Travis H." <solinym@gmail.com>
Cc: cryptography@metzdowd.com
Date: Fri, 05 May 2006 21:51:24 +0200
In-Reply-To: <d4f1333a0605041144y1be34f53g212aab84fa1a623f@mail.gmail.com>
	(Travis H.'s message of "Thu, 4 May 2006 13:44:48 -0500")

* Travis H.:

> On 5/4/06, markus reichelt <ml@mareichelt.de> wrote:
>> Agreed; but regarding unix systems, I know of no crypto
>> implementation that does integrity checking. Not just de/encrypt the
>> data, but verify that the encrypted data has not been tampered with.
>
> Are you sure?  There's an aes-cbc-essiv:sha256 cipher with dm-crypt.
> Are they using sha256 for something other than integrity?

AFAIK, they use it to generate the IVs for CBC mode.  Directly using
the sector numbers leads to fingerprinting vulnerabilities.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
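Added illustration, not part of this thread or of dm-crypt's own code: the Go program below reconstructs the aes-cbc-essiv:sha256 IV derivation from the standard library and checks the fingerprinting property Florian's reply refers to. It assumes the "plain" IV is the 64-bit little-endian sector number zero-padded to one AES block, that the ESSIV salt is SHA-256 of the volume key, and that ESSIV encrypts the plain IV under that salt; the key and sector contents are constructed sample values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// sectorIV is the "plain" IV scheme (assumed layout: 64-bit little-endian
// sector number, zero-padded to one AES block). It is public, so anyone
// who can write to the disk can predict it.
func sectorIV(sector uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv, sector)
	return iv
}

// essivIV is the aes-cbc-essiv:sha256 scheme: the volume key is hashed with
// SHA-256 to give a salt, and the plain sector IV is encrypted under that salt.
// Without the volume key the per-sector IVs are unpredictable.
func essivIV(key []byte, sector uint64) ([]byte, error) {
	salt := sha256.Sum256(key) // 32 bytes, so the IV cipher is AES-256
	block, err := aes.NewCipher(salt[:])
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize)
	block.Encrypt(iv, sectorIV(sector))
	return iv, nil
}

// encryptSector runs AES-CBC over one sector's worth of data with the given IV.
func encryptSector(key, iv, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	if len(plaintext)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("sector length %d is not a multiple of the block size", len(plaintext))
	}
	ct := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, plaintext)
	return ct, nil
}

// watermarkVisible models the fingerprinting weakness of plain sector IVs.
// Data placed on the disk by someone without the key holds two sectors whose
// first plaintext blocks differ exactly by the XOR of the two public sector
// IVs. With plain IVs, CBC feeds the same block into AES for both sectors, so
// the raw ciphertext shows identical first blocks and the file is recognisable
// without decryption. With ESSIV the real IVs differ from the public ones by a
// key-dependent permutation, and the match disappears.
func watermarkVisible(key []byte, useESSIV bool) (bool, error) {
	const secA, secB uint64 = 100, 101
	plainA := bytes.Repeat([]byte{0x41}, 2*aes.BlockSize) // constructed sample sector content
	plainB := make([]byte, len(plainA))
	copy(plainB, plainA)
	pubA, pubB := sectorIV(secA), sectorIV(secB)
	for i := 0; i < aes.BlockSize; i++ {
		plainB[i] = plainA[i] ^ pubA[i] ^ pubB[i]
	}

	ivA, ivB := pubA, pubB
	if useESSIV {
		var err error
		if ivA, err = essivIV(key, secA); err != nil {
			return false, err
		}
		if ivB, err = essivIV(key, secB); err != nil {
			return false, err
		}
	}
	ctA, err := encryptSector(key, ivA, plainA)
	if err != nil {
		return false, err
	}
	ctB, err := encryptSector(key, ivB, plainB)
	if err != nil {
		return false, err
	}
	return bytes.Equal(ctA[:aes.BlockSize], ctB[:aes.BlockSize]), nil
}

func main() {
	key := bytes.Repeat([]byte{0x11}, 32) // constructed demo key, AES-256
	for _, essiv := range []bool{false, true} {
		visible, err := watermarkVisible(key, essiv)
		if err != nil {
			panic(err)
		}
		fmt.Printf("essiv=%v  watermark visible in ciphertext: %v\n", essiv, visible)
	}
}
```

Running it prints `true` for plain IVs and `false` for ESSIV. Note that ESSIV only removes the IV predictability; as markus's quoted point says, neither scheme gives integrity, since CBC with any IV still lets ciphertext be modified without detection.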