The ancient SFS fot MSDOS solved these problems. The sector IV is the hash
of a disk key and the sector number. Also the block gets encrypted forward
and then backward. I don't know if the cipher MDC/SHS is still ok though.

The overhead was one 512-byte sector to hold the encrypted disk key.

From Simon Burge:
> David Maxwell wrote:
> 
> > What are good choices for an algorithm that wouldn't be weakened by some
> > known plaintext patterns in the input? I'm thinking particularly of 
> > directories, though things like the superblock backups might provide
> > a telltale as well.
> > 
> > Identical blocks at 0 and 32 would give a good hint - and many portions
> > of the superblock's content could be guessed from the size of the 
> > partition etc...
> 
> Could this be as simple to fix as using the block number as (part of?)
> the IV?

-- 
Juergen Hannken-Illjes - hannken@eis.cs.tu-bs.de - TU Braunschweig (Germany)