Subject: Re: NetBSD raw disk block encrypted FFS filesystem needed!
To: David Maxwell <david@vex.net>
From: Al B. Snell <alaric@alaric-snell.com>
List: port-i386
Date: 12/21/2000 15:07:30
On Wed, 20 Dec 2000, David Maxwell wrote:

> What are good choices for an algorithm that wouldn't be weakened by some
> known plaintext patterns in the input? I'm thinking particularly of 
> directories, though things like the superblock backups might provide
> a telltale as well.

If you're using a cypher mode with an initialisation vector, then create
the IV from the block number and part of the key. Since the IV is kind of
"part of the plaintext" when known-plaintext attacks are considered, this
means that we are injecting a key-dependent and block-number-dependent 
slab of bits into each plaintext, making apparently identical blocks into
different ones.

> Anything not block-based would avoid this - or at least anything 
> without the same block size as the FS.

You can encrypt entire tracks as units, too. Reading and writing entire
tracks takes not much more time than reading and writing individual blocks
due to the overhead being in seeking, so it might even improve some
performance a bit by doing free read-ahead for us :-)

ABS

-- 
                               Alaric B. Snell
 http://www.alaric-snell.com/  http://RFC.net/  http://www.warhead.org.uk/
   Any sufficiently advanced technology can be emulated in software
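The block-number-and-key IV derivation suggested in the reply above, as an added example (not code from this thread or from NetBSD): a 32-byte key whose first half drives AES-128-CBC and whose second half keys an HMAC over the block number to produce the IV. The HMAC construction and the key split are assumptions, since the mail names neither; cbcSector takes any IV so the fixed-IV case can be compared against the per-block one.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// sectorIV builds the IV for one disk block from the block number and the
// second half of the key: HMAC-SHA256(key[16:], big-endian block number) cut to
// the AES block size. Assumption: one keyed choice, the mail names no construction.
func sectorIV(key []byte, blockNo uint64) []byte {
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], blockNo)
	m := hmac.New(sha256.New, key[len(key)/2:])
	m.Write(n[:])
	return m.Sum(nil)[:aes.BlockSize]
}

// cbcSector runs AES-128-CBC over one block-aligned sector under the first
// half of a 32-byte key, with whatever IV the caller supplies.
func cbcSector(key, iv, in []byte, decrypt bool) ([]byte, error) {
	if len(key) != 32 || len(in) == 0 || len(in)%aes.BlockSize != 0 {
		return nil, fmt.Errorf("need a 32-byte key and a block-aligned sector, got %d/%d bytes", len(key), len(in))
	}
	c, err := aes.NewCipher(key[:16])
	if err != nil {
		return nil, err
	}
	out := make([]byte, len(in))
	if decrypt {
		cipher.NewCBCDecrypter(c, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCEncrypter(c, iv).CryptBlocks(out, in)
	}
	return out, nil
}

// EncryptSector and DecryptSector bind each sector to its block number, so the
// same plaintext stored at two block numbers yields two different ciphertexts.
func EncryptSector(key []byte, blockNo uint64, plain []byte) ([]byte, error) {
	return cbcSector(key, sectorIV(key, blockNo), plain, false)
}

func DecryptSector(key []byte, blockNo uint64, ct []byte) ([]byte, error) {
	return cbcSector(key, sectorIV(key, blockNo), ct, true)
}
```

Only the first CBC block of a sector depends directly on the IV; later blocks are chained through the ciphertext, which is why the whole sector changes once the IV does.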