Subject: Re: CBC and LRW?
To: None <tech-security@netbsd.org>
From: Johan Wallén <johan.wallen+lists@tkk.fi>
List: tech-security
Date: 07/26/2006 22:37:17

Lubomir Sedlacik <salo@Xtrmntr.org> writes:
> cgd(4) uses neither incrementing nor public IVs.
>
> from the manual page:
>
> IV Methods
> Currently, the only IV Method supported is encblkno (Encrypted Block
> Number). This method encrypts the block number of the physical disk
> block with the cipher and key provided and uses that as the IV for CBC
> mode. This method should ensure that each block has a different IV
> and that the IV is reasonably unpredictable.

The basic idea does sound good. But what is a block number in this
context? Logical/physical block number on the disk/filesystem? What
IV is used when a block is modified?

CBC is a secure encryption mode only if every IV is selected uniformly
at random for every plaintext encrypted with the key (this is not a
mathematical statement -- for example, there are ways to simulate this
and still remain secure).

-- Johan
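
Added example, not part of the original message and not cgd(4) code: a sketch of the encblkno scheme as the quoted manual text describes it, showing that an IV derived only from the key and the block number is reused when that block is rewritten, so the ciphertext stays identical up to the first modified cipher block. The cipher is a toy SHA-256 Feistel stand-in, and the key, sector contents, block numbers and little-endian block-number encoding are assumptions.

```python
import hashlib

BLOCK = 16  # cipher block size in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    """Toy 4-round Feistel permutation over SHA-256 (stand-in, NOT a real cipher)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        f = hashlib.sha256(key + bytes([rnd]) + right).digest()[:8]
        left, right = right, _xor(left, f)
    return left + right

def encblkno_iv(key, blkno):
    """IV = E_K(block number); the little-endian encoding is an assumption."""
    return encrypt_block(key, blkno.to_bytes(BLOCK, "little"))

def cbc_encrypt_sector(key, blkno, plaintext):
    """CBC over one sector, chained from the encblkno-style IV."""
    prev, out = encblkno_iv(key, blkno), []
    for i in range(0, len(plaintext), BLOCK):
        prev = encrypt_block(key, _xor(prev, plaintext[i:i + BLOCK]))
        out.append(prev)
    return b"".join(out)

def first_changed_block(old_ct, new_ct):
    """Index of the first differing cipher block, or None if identical."""
    for i in range(0, len(old_ct), BLOCK):
        if old_ct[i:i + BLOCK] != new_ct[i:i + BLOCK]:
            return i // BLOCK
    return None

KEY = b"constructed demo key"      # constructed sample key
OLD = bytes(512)                   # constructed sector contents
NEW = bytearray(OLD)
NEW[200] ^= 0xFF                   # modify one byte in cipher block 12
NEW = bytes(NEW)

if __name__ == "__main__":
    a = cbc_encrypt_sector(KEY, 7, OLD)
    b = cbc_encrypt_sector(KEY, 7, NEW)
    print("same sector rewritten, first changed block:", first_changed_block(a, b))
    c = cbc_encrypt_sector(KEY, 8, OLD)
    print("same data in another sector, first changed block:", first_changed_block(a, c))
```

Identical data written to a different block number differs from the first cipher block on, which is the "different IV per block" property the manual text claims.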