Subject: Re: cgd: CBC or no CBC
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Florian Stoehr <netbsd@wolfnode.de>
List: netbsd-users
Date: 01/21/2005 20:44:28

On Fri, 21 Jan 2005, Steven M. Bellovin wrote:

> In message <Pine.NEB.4.61.0501212008360.195@irina.net.flo>, Florian Stoehr writes:
>> Hi,
>>
>> in NetBSD guide: "All three ciphers are used in CBC mode. This means each
>> block is XORed with the previous encrypted block before encryption.".
>>
>> Is this correct?
>>
>> I'm not native English, so the original author's text is not easy to
>> understand for me. As far as I understand, the text says that each block
>> is encrypted SEPARATELY from any other block - with a different IV each,
>> IV is the encrypted block number encrypted with the same key used for the
>> data.
>>
>> ???
>>
>> Can someone explain that, please?
>> Is the guide wrong here?
>>
>
> No, the guide is correct, but it's hard to understand as written.
> There's a graphical picture on slide 27 (page 28) of a cryptography
> tutorial I gave a few months ago; see
> http://www1.cs.columbia.edu/~smb/talks/crypto-tut.ps
> or http://www1.cs.columbia.edu/~smb/talks/crypto-tut.pdf
>
> 		--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
>

Hi,

I think I got confused by "disk blocks" and "cipher blocks".

I basically understood what's on your slide although
it's not that clear to me where the original cgd doc talks about "disk
block" and "cipher block" ("In CBC mode, we encrypt each DISK block using
a block cipher; a different IV is used for each block") and later "Each
block is encrypted separately..."

Think I'll assume it uses multiple "code blocks" within a real "disk 
block".

-Florian
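
The distinction the message arrives at, many 16-byte cipher blocks chained in CBC inside one 512-byte disk block with a fresh IV per disk block, as an added Python sketch that is not code from this thread or from cgd. Assumptions: a toy Feistel cipher stands in for AES, the disk block is 512 bytes, and the IV rule follows the description quoted above (block number encrypted with the data key); cgd's actual implementation may differ in detail. Calling `demo()` returns the three properties of interest.

```python
import hashlib
import struct

BLOCK, SECTOR = 16, 512   # cipher block and disk block sizes in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):   # Feistel round function built from SHA-256
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]

def encrypt_block(key, blk):   # toy 4-round Feistel standing in for AES; NOT secure
    l, r = blk[:8], blk[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r

def decrypt_block(key, blk):   # inverse of encrypt_block: rounds undone in reverse
    l, r = blk[:8], blk[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def sector_iv(key, blkno):
    # Assumed IV rule: disk block number, zero-padded, encrypted with the data key
    return encrypt_block(key, struct.pack("<Q", blkno).ljust(BLOCK, b"\0"))

def encrypt_sector(key, blkno, plain):
    prev, out = sector_iv(key, blkno), b""
    for i in range(0, SECTOR, BLOCK):   # chain cipher blocks inside one disk block
        prev = encrypt_block(key, _xor(plain[i:i + BLOCK], prev))
        out += prev
    return out

def decrypt_sector(key, blkno, ct):
    prev, out = sector_iv(key, blkno), b""
    for i in range(0, SECTOR, BLOCK):   # only this disk block is needed to decrypt it
        out += _xor(decrypt_block(key, ct[i:i + BLOCK]), prev)
        prev = ct[i:i + BLOCK]
    return out

KEY = b"constructed-demo-key"
DATA = b"A" * SECTOR   # constructed sample: 32 identical cipher blocks

def demo():
    c0, c1 = encrypt_sector(KEY, 0, DATA), encrypt_sector(KEY, 1, DATA)
    distinct = len({c0[i:i + BLOCK] for i in range(0, SECTOR, BLOCK)})
    return c0 != c1, distinct, decrypt_sector(KEY, 1, c1) == DATA
```

The result shows that identical disk blocks encrypt differently (different IVs), that identical cipher blocks within one disk block encrypt differently (chaining), and that each disk block decrypts without reference to any other.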