Subject: Re: CBC and LRW?
To: Steven M. Bellovin <smb@cs.columbia.edu>
From: Travis H. <solinym@gmail.com>
List: tech-security
Date: 07/26/2006 00:24:25
On 7/25/06, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
> I haven't seen the attack, but given the way CBC works it's not clear that
> the attack would even apply in the context of cgd.

You can read about it here:

http://clemens.endorphin.org/LinuxHDEncSettings
http://www.tcs.hut.fi/~mjos/doc/wisa2004.pdf

I'm no expert on cgd, but if it uses incrementing, public IVs, then
it's vulnerable to an unmodified watermark attack.  If it uses
publicly knowable IVs, then it may be vulnerable to some variant.
-- 
"Follow where reason leads" -- Zeno || Unix "guru" for rent or hire
http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484
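Added example, not part of the thread above: a small check of the property the watermark attack relies on, with the predictable sector-number IV beside a keyed alternative. ESSIV (the IV scheme that encrypts the sector number under a hash of the volume key, as used by dm-crypt) is assumed here as the hardened form; the 4-round Feistel network is a stand-in block cipher chosen only so the example needs no third-party library, and the keys and sector contents are constructed values.

```python
import hashlib
import hmac
import struct

BLOCK = 16      # block size in bytes
SECTOR = 512    # disk sector size in bytes


def _round_fn(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: HMAC-SHA256 over (round index, half-block), truncated to 8 bytes.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in 128-bit block cipher: a 4-round balanced Feistel network (a bijection).

    Assumption: this replaces AES only to avoid a dependency; the IV argument below
    does not depend on which block cipher is used.
    """
    assert len(block) == BLOCK
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for rnd in range(4):
        left, right = right, bytes(a ^ b for a, b in zip(left, _round_fn(key, rnd, right)))
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, data: bytes) -> bytes:
    """Plain CBC: C[i] = E_k(P[i] xor C[i-1]) with C[-1] = IV."""
    assert len(data) % BLOCK == 0 and len(iv) == BLOCK
    out, prev = bytearray(), iv
    for i in range(0, len(data), BLOCK):
        prev = block_encrypt(key, bytes(a ^ b for a, b in zip(data[i:i + BLOCK], prev)))
        out += prev
    return bytes(out)


def iv_plain(key: bytes, sector: int) -> bytes:
    """'plain' IV: the sector number, little-endian, zero-padded. Public; the key is ignored."""
    return struct.pack("<Q", sector) + bytes(BLOCK - 8)


def iv_essiv(key: bytes, sector: int) -> bytes:
    """ESSIV: encrypt the sector number under a key derived by hashing the volume key."""
    return block_encrypt(hashlib.sha256(key).digest(), iv_plain(key, sector))


def first_ciphertext_blocks_collide(key: bytes, sector: int, iv_func) -> bool:
    """Check for the leak a watermark relies on.

    Two adjacent sectors are written whose first plaintext blocks differ exactly by
    iv_plain(s) xor iv_plain(s+1), i.e. by the difference an observer can compute
    without the key. With CBC and the plain IV scheme the first ciphertext blocks
    come out identical, which is visible on the raw device. Returns True if the
    volume (using iv_func) actually leaks this way.
    """
    filler = bytes(SECTOR - BLOCK)
    p0 = bytes(range(BLOCK))                                   # constructed first block of sector s
    delta = bytes(a ^ b for a, b in zip(iv_plain(key, sector), iv_plain(key, sector + 1)))
    p1 = bytes(a ^ b for a, b in zip(p0, delta))               # first block of sector s+1
    c0 = cbc_encrypt(key, iv_func(key, sector), p0 + filler)
    c1 = cbc_encrypt(key, iv_func(key, sector + 1), p1 + filler)
    return c0[:BLOCK] == c1[:BLOCK]


def iv_ignores_key(iv_func, sector: int) -> bool:
    """Sanity check on the IV generator itself: if two different keys give the same IV,
    the IV is computable by anyone who knows the sector number."""
    k1 = hashlib.sha256(b"constructed key 1").digest()
    k2 = hashlib.sha256(b"constructed key 2").digest()
    return iv_func(k1, sector) == iv_func(k2, sector)


if __name__ == "__main__":
    key = hashlib.sha256(b"constructed volume key").digest()
    for name, fn in (("plain", iv_plain), ("essiv", iv_essiv)):
        print(name, "iv ignores key:", iv_ignores_key(fn, 1234),
              "first-block collision:", first_ciphertext_blocks_collide(key, 1234, fn))
```

The collision check only shows the core equality (equal E_k inputs give equal ciphertext blocks when the attacker can cancel a known IV difference); the papers linked above cover the rest of the attack. The mitigation shown is to make the IV depend on the key so that difference is not computable; a tweakable mode such as the LRW in the subject line avoids the per-sector CBC chaining altogether.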