Subject: Re: CBC and LRW?
To: Travis H. <solinym@gmail.com>
From: Lubomir Sedlacik <salo@Xtrmntr.org>
List: tech-security
Date: 07/26/2006 16:22:22

On Wed, Jul 26, 2006 at 12:24:25AM -0500, Travis H. wrote:
> On 7/25/06, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
> >I haven't seen the attack, but given the way CBC works it's not clear
> >that the attack would even apply in the context of cgd.
>
> You can read about it here:
>
> http://clemens.endorphin.org/LinuxHDEncSettings
> http://www.tcs.hut.fi/~mjos/doc/wisa2004.pdf
>
> I'm no expert on cgd, but if it uses incrementing, public IVs, then
> it's vulnerable to an unmodified watermark attack.  If it uses
> publicly knowable IVs, then it may be vulnerable to some variant.

cgd(4) uses neither incrementing nor public IVs.

From the manual page:

IV Methods
  Currently, the only IV Method supported is encblkno (Encrypted Block
  Number).  This method encrypts the block number of the physical disk
  block with the cipher and key provided and uses that as the IV for CBC
  mode.  This method should ensure that each block has a different IV
  and that the IV is reasonably unpredictable.


regards,

-- 
-- Lubomir Sedlacik <salo@{NetBSD,Xtrmntr,silcnet}.org>   --
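The following is an added illustration, not part of this message and not the cgd(4) code itself, of the difference the reply is pointing at: with a plain, publicly predictable block-number IV, a writer who knows the IV of each sector can cancel it in the first plaintext block so that two sectors produce the same first ciphertext block (the watermark the linked papers describe); with the manual page's encblkno scheme, the IV is the block number encrypted under the disk key, so the same construction no longer lines up. The example uses only the Go standard library; the 16-byte key, the 0xA5 pattern and the little-endian 64-bit encoding of the block number are assumptions made for the example and are not taken from cgd.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Constructed 16-byte demo key (AES-128); not a real cgd key.
var demoKey = []byte("cgd-demo-key-16b")

// IVFunc derives the CBC IV for a given physical block number.
type IVFunc func(blk cipher.Block, blkno uint64) []byte

// PlainIV models the "incrementing, public IV" scheme discussed in the
// thread: the block number itself, written into a zeroed block, is the IV.
// Anyone who can write to the disk can predict it. (Little-endian encoding
// is an assumption made for this example.)
func PlainIV(blk cipher.Block, blkno uint64) []byte {
	iv := make([]byte, blk.BlockSize())
	binary.LittleEndian.PutUint64(iv, blkno)
	return iv
}

// EncblknoIV models cgd's encblkno as the manual page describes it: encrypt
// the block number under the disk key and use the result as the IV.
func EncblknoIV(blk cipher.Block, blkno uint64) []byte {
	iv := PlainIV(blk, blkno)
	blk.Encrypt(iv, iv) // in-place single-block encryption
	return iv
}

func xorBlocks(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// EncryptSector CBC-encrypts one sector with the IV derived for blkno.
func EncryptSector(blk cipher.Block, ivf IVFunc, blkno uint64, sector []byte) []byte {
	out := make([]byte, len(sector))
	cipher.NewCBCEncrypter(blk, ivf(blk, blkno)).CryptBlocks(out, sector)
	return out
}

// FirstBlocksCollide writes two sectors whose first plaintext block is
// pattern XOR (block number in the clear) at blocks n and m, and reports
// whether the first ciphertext blocks come out identical. Under PlainIV the
// XOR cancels the IV, so both sectors encrypt to E_k(pattern) in block 0 and
// the equality is visible without the key. Under EncblknoIV the IV is
// E_k(blkno), which the writer cannot cancel without the key, so the two
// ciphertext blocks differ (for n != m).
func FirstBlocksCollide(ivf IVFunc, n, m uint64) bool {
	blk, err := aes.NewCipher(demoKey)
	if err != nil {
		panic(err)
	}
	bs := blk.BlockSize()
	pattern := bytes.Repeat([]byte{0xA5}, bs)
	filler := make([]byte, bs) // second block of each two-block sector
	sectorN := append(xorBlocks(pattern, PlainIV(blk, n)), filler...)
	sectorM := append(xorBlocks(pattern, PlainIV(blk, m)), filler...)
	cN := EncryptSector(blk, ivf, n, sectorN)
	cM := EncryptSector(blk, ivf, m, sectorM)
	return bytes.Equal(cN[:bs], cM[:bs])
}

func main() {
	fmt.Println("plain IVs, first ciphertext blocks equal:", FirstBlocksCollide(PlainIV, 7, 9))
	fmt.Println("encblkno,  first ciphertext blocks equal:", FirstBlocksCollide(EncblknoIV, 7, 9))
}
```

The check only covers the first-block equality that a public, incrementing IV exposes; it says nothing about other properties of CBC in the disk setting. Note also that the IV produced by encblkno is a deterministic function of the key and block number, which is exactly what the manual page means by "reasonably unpredictable": unpredictable to anyone without the key, not random.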
