On Wed, 26 Jul 2006 11:22:49 +0900 (JST), Curt Sampson <cjs@cynic.net>
wrote:

> On Tue, 25 Jul 2006, Jan Danielsson wrote:
> 
> >   As far as I can tell, NetBSD's cgd only uses cbc. Should it support LRW?
> >
> >   I don't actually understand what CBC vs LRW that means, though. But
> > I'm going to assume that the TrueCrypt people do.
> 
> The main difference appears to be better deniability: someone who can
> convince you to store a specially crafted file on your encrypted disk
> can then, given just the encrypted disk, prove that the file is stored
> there.
> 
I haven't seen the attack, but given the way CBC works it's not clear that
the attack would even apply in the context of cgd.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb