Subject: Re: NetBSD raw disk block encrypted FFS filesystem needed!
To: Al B. Snell <alaric@alaric-snell.com>
From: David Maxwell <david@vex.net>
List: port-i386
Date: 12/21/2000 19:47:47
On Thu, Dec 21, 2000 at 03:07:30PM +0000, Al B. Snell wrote:
> On Wed, 20 Dec 2000, David Maxwell wrote:
> > What are good choices for an algorithm that wouldn't be weakened by some
> > known plaintext patterns in the input? I'm thinking particularly of 
> 
> If you're using a cypher mode with an initialisation vector, then create
> the IV from the block number and part of the key. Since the IV is kind of
> "part of the plaintext" when known-plaintext attacks are considered, this
> means that we are injecting a key-dependent and block-number-dependent 
> slab of bits into each plaintext, making apparently identical blocks into
> different ones.

That sounds reasonable enough.

> You can encrypt entire tracks as units, too. Reading and writing entire
> tracks takes not much more time than reading and writing individual blocks
> due to the overhead being in seeking, so it might even improve some
> performance a bit by doing free read-ahead for us :-)

It's a trade-off of course, I'm a bit uncomfortable having unchanged
(plaintext) data re-written because it's on the same track as some data
being modified. I like to hope that data corruption is likely to be
limited to active data.

Perhaps separate IV permuting methods are in order for superblocks,
inodes, and datablocks...

-- 
David Maxwell, david@vex.net|david@maxwell.net -->
All this stuff in twice the space would only look half as bad!
					      - me
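The IV scheme discussed above, as an added worked example (not code from this thread or from NetBSD): each 512-byte sector is CBC-encrypted under an IV derived by keying an HMAC with one half of the key and feeding it the block number, so two sectors with identical plaintext (a common known-plaintext pattern on a fresh filesystem: all zeros) encrypt to different ciphertext, while a fixed IV leaks that they are equal. Two things here are assumptions of mine: the block cipher is a small HMAC-based Feistel network used only so the example runs on the Python standard library (a real implementation would put AES or Blowfish in its place), and the optional `region` tag is one way to realize the "separate IV permuting methods for superblocks, inodes, and datablocks" suggested in the reply.

```python
"""Sector encryption with a key- and block-number-dependent IV (added example)."""
import hashlib
import hmac
import struct

BLOCK = 16      # cipher block size in bytes
SECTOR = 512    # disk sector size in bytes
ROUNDS = 4      # rounds of the stand-in Feistel cipher

# Constructed demo inputs: a 32-byte key and an all-zero sector such as a
# freshly newfs'd filesystem would contain many copies of.
DEMO_KEY = hashlib.sha256(b"constructed demo key, not a real one").digest()
ZERO_SECTOR = bytes(SECTOR)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round_keys(cipher_key: bytes) -> list:
    # One derived round key per Feistel round.
    return [hashlib.sha256(cipher_key + bytes([r])).digest() for r in range(ROUNDS)]


def _round_function(round_key: bytes, half: bytes) -> bytes:
    # Feistel round function: HMAC-SHA256 over the 8-byte half, truncated to 8 bytes.
    return hmac.new(round_key, half, hashlib.sha256).digest()[:8]


def _encrypt_block(cipher_key: bytes, block: bytes) -> bytes:
    # Stand-in 128-bit block cipher (assumption): balanced Feistel, (L, R) -> (R, L ^ F(R)).
    left, right = block[:8], block[8:]
    for rk in _round_keys(cipher_key):
        left, right = right, _xor(left, _round_function(rk, right))
    return left + right


def _decrypt_block(cipher_key: bytes, block: bytes) -> bytes:
    # Inverse of _encrypt_block: apply the rounds in reverse order.
    left, right = block[:8], block[8:]
    for rk in reversed(_round_keys(cipher_key)):
        left, right = _xor(right, _round_function(rk, left)), left
    return left + right


def derive_iv(iv_key: bytes, block_number: int, region: bytes = b"data") -> bytes:
    # IV = HMAC(key half, region tag || block number), truncated to one cipher block.
    # The region tag (assumption) lets superblocks, inodes and data blocks use
    # distinct IV derivations; block_number makes identical sectors differ.
    msg = region + struct.pack(">Q", block_number)
    return hmac.new(iv_key, msg, hashlib.sha256).digest()[:BLOCK]


def cbc_encrypt(cipher_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Plain CBC over one sector; exposed so a fixed-IV comparison can be made.
    assert len(plaintext) == SECTOR
    prev, out = iv, bytearray()
    for off in range(0, SECTOR, BLOCK):
        prev = _encrypt_block(cipher_key, _xor(plaintext[off:off + BLOCK], prev))
        out += prev
    return bytes(out)


def cbc_decrypt(cipher_key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    assert len(ciphertext) == SECTOR
    prev, out = iv, bytearray()
    for off in range(0, SECTOR, BLOCK):
        cur = ciphertext[off:off + BLOCK]
        out += _xor(_decrypt_block(cipher_key, cur), prev)
        prev = cur
    return bytes(out)


def _split_key(key: bytes):
    # One half of the 32-byte key drives the cipher, the other half the IV derivation.
    return key[:16], key[16:]


def encrypt_sector(key: bytes, block_number: int, plaintext: bytes, region: bytes = b"data") -> bytes:
    cipher_key, iv_key = _split_key(key)
    return cbc_encrypt(cipher_key, derive_iv(iv_key, block_number, region), plaintext)


def decrypt_sector(key: bytes, block_number: int, ciphertext: bytes, region: bytes = b"data") -> bytes:
    cipher_key, iv_key = _split_key(key)
    return cbc_decrypt(cipher_key, derive_iv(iv_key, block_number, region), ciphertext)


def fixed_iv_leaks_equality(key: bytes) -> bool:
    # With a constant IV, two zero sectors at different block numbers encrypt identically.
    cipher_key, _ = _split_key(key)
    return cbc_encrypt(cipher_key, bytes(BLOCK), ZERO_SECTOR) == cbc_encrypt(cipher_key, bytes(BLOCK), ZERO_SECTOR)


def derived_iv_hides_equality(key: bytes) -> bool:
    # With the derived IV, the same two zero sectors encrypt differently and still decrypt.
    c0 = encrypt_sector(key, 0, ZERO_SECTOR)
    c1 = encrypt_sector(key, 1, ZERO_SECTOR)
    return c0 != c1 and decrypt_sector(key, 0, c0) == ZERO_SECTOR and decrypt_sector(key, 1, c1) == ZERO_SECTOR


if __name__ == "__main__":
    print("fixed IV leaks equal sectors:", fixed_iv_leaks_equality(DEMO_KEY))
    print("derived IV hides it:", derived_iv_hides_equality(DEMO_KEY))
```

Note that a block-number-derived IV only hides equality between different sectors; rewriting the same sector with the same contents still produces the same ciphertext, so an attacker with two disk images can see which sectors changed. That is the price of a deterministic scheme with no room to store per-write IVs.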