Subject: Re: CBC and LRW?
To: None <tech-security@netbsd.org>
From: Johan Wallén <johan.wallen+lists@tkk.fi>
List: tech-security
Date: 07/26/2006 22:37:17
Lubomir Sedlacik <salo@Xtrmntr.org> writes:

> cgd(4) uses neither incrementing nor public IVs.
>
> from the manual page:
>
> IV Methods
>   Currently, the only IV Method supported is encblkno (Encrypted Block
>   Number).  This method encrypts the block number of the physical disk
>   block with the cipher and key provided and uses that as the IV for CBC
>   mode.  This method should ensure that each block has a different IV
>   and that the IV is reasonably unpredictable.

The basic idea does sound good.  But what is a block number in this
context?  Logical/physical block number on the disk/filesystem?  What
IV is used when a block is modified?

CBC is a secure encryption mode only if every IV is selected uniformly
at random for every plaintext encrypted with the key (this is not a
mathematical statement -- for example, there are ways to simulate this
and still remain secure).

-- Johan
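Johan's question about which IV a modified block gets can be made concrete. The Go program below is an added example, not cgd(4)'s code or anything posted in the thread; it models the encblkno method quoted above with AES-128 from Go's standard library and assumes the block number is encoded as a little-endian uint64 zero-padded to one cipher block (the page does not give cgd's actual encoding).

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

var demoKey = []byte("0123456789abcdef") // constructed AES-128 key, not a real cgd key

// EncblknoIV models the encblkno method quoted above: the block number, encrypted
// with the data key, becomes the CBC IV. The uint64 encoding is this example's assumption.
func EncblknoIV(blk cipher.Block, blkno uint64) []byte {
	in := make([]byte, blk.BlockSize())
	binary.LittleEndian.PutUint64(in, blkno)
	iv := make([]byte, blk.BlockSize())
	blk.Encrypt(iv, in)
	return iv
}

// EncryptSector CBC-encrypts one sector (a whole number of cipher blocks)
// under the IV derived from its block number.
func EncryptSector(blk cipher.Block, blkno uint64, sector []byte) []byte {
	out := make([]byte, len(sector))
	cipher.NewCBCEncrypter(blk, EncblknoIV(blk, blkno)).CryptBlocks(out, sector)
	return out
}

// EqualPrefixBlocks counts the leading cipher blocks two ciphertexts share;
// with a fixed per-block IV that is how many leading plaintext blocks were
// left unchanged between two writes of the same block number.
func EqualPrefixBlocks(a, b []byte, bs int) int {
	n := 0
	for ; (n+1)*bs <= len(a) && (n+1)*bs <= len(b); n++ {
		if !bytes.Equal(a[n*bs:(n+1)*bs], b[n*bs:(n+1)*bs]) {
			break
		}
	}
	return n
}

func main() {
	blk, _ := aes.NewCipher(demoKey)    // 16-byte key: cannot fail
	v1 := bytes.Repeat([]byte("A"), 64) // constructed 4-block sector
	v2 := append(bytes.Repeat([]byte("A"), 32), bytes.Repeat([]byte("B"), 32)...) // rewrite, tail changed
	fmt.Println("unchanged leading blocks visible:", EqualPrefixBlocks(EncryptSector(blk, 7, v1), EncryptSector(blk, 7, v2), 16))
}
```

Because a rewrite of block 7 reuses the same IV, the number of leading plaintext blocks that did not change is visible in the ciphertext; a fresh random IV per write, as Johan's CBC condition requires, would make the two ciphertexts unrelated.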