Date: Mon, 8 May 2000 22:47:31 +0200 (EET)
From: Narvi <narvi@haldjas.folklore.ee>
To: Mark Murray <mark@grondar.za>
Cc: "Andrew J. Korty" <ajk@iu.edu>, security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)
Message-ID: <Pine.BSF.3.96.1000508224013.5152A-100000@haldjas.folklore.ee>
In-Reply-To: <200005042015.WAA07617@grimreaper.grondar.za>

On Thu, 4 May 2000, Mark Murray wrote:
> > I was under the impression that the CBC mode would also propagate this
> > entry throughout the block.  Must I use one of the feedback modes?
> 
> Yes. I have no hard references in front of me, but I'll put ${bodypart}
> on a block that CBC is 8-bytes-at-a-time-with-same-key-each-time. IE not
> good enough to stave off known plaintext attacks. CBC is what you'd use
> if the entire plaintext is of unpredictable structure.
> 
Another thing to consider (and I am yet to see it in this discussion):
	Say a block relatively in the beginning of the dump gets read off
	the tape corrupted. Any encryption scheme in which such means that
	the entire dump is worthless is less than satisfactory in most
	environments. 
Losing the entire backup to the chaining mode just because one block reads
incorrectly is a bad idea. Known plaintext attacks - more exactly *chosen
plaintext* attacks - are imho unavoidable in backups.
They must be fought in some other way. WO backups are no good. If we use
CBC, we should restart it with a new IV on every block boundary or so to
minimise damage.
> M
> --
> Mark Murray
> Join the anti-SPAM movement: http://www.cauce.org
> 
	Sander
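
The per-record IV restart suggested in the message above, as an added example that is not part of the original e-mail or of dump(8): each record is sealed as its own CBC chain with a fresh random IV, so a record that reads back damaged cannot affect any other. XTEA stands in for whichever 64-bit block cipher is used, and the function names and record layout (IV followed by ciphertext) are assumptions.

```python
# Added illustration: per-record CBC with a fresh IV for each record.
# XTEA is a stand-in 64-bit block cipher; names and sizes are assumptions.
import os
import struct

BLOCK = 8                      # cipher block size in bytes
MASK, DELTA = 0xFFFFFFFF, 0x9E3779B9

def _mix(v, s, k):
    return (((v << 4) ^ (v >> 5)) + v) ^ (s + k)

def xtea_encrypt(key, block, rounds=32):
    v0, v1 = struct.unpack(">2I", block)
    k, s = struct.unpack(">4I", key), 0
    for _ in range(rounds):
        v0 = (v0 + _mix(v1, s, k[s & 3])) & MASK
        s = (s + DELTA) & MASK
        v1 = (v1 + _mix(v0, s, k[(s >> 11) & 3])) & MASK
    return struct.pack(">2I", v0, v1)

def xtea_decrypt(key, block, rounds=32):
    v0, v1 = struct.unpack(">2I", block)
    k, s = struct.unpack(">4I", key), (DELTA * rounds) & MASK
    for _ in range(rounds):
        v1 = (v1 - _mix(v0, s, k[(s >> 11) & 3])) & MASK
        s = (s - DELTA) & MASK
        v0 = (v0 - _mix(v1, s, k[s & 3])) & MASK
    return struct.pack(">2I", v0, v1)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def seal_record(key, record):
    """Encrypt one record: random IV followed by CBC ciphertext."""
    if len(record) % BLOCK:
        raise ValueError("record length must be a multiple of the block size")
    prev = iv = os.urandom(BLOCK)
    out = [iv]
    for i in range(0, len(record), BLOCK):
        prev = xtea_encrypt(key, _xor(record[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def open_record(key, sealed):
    """Decrypt one sealed record; the chain never reaches another record."""
    blocks = [sealed[i:i + BLOCK] for i in range(0, len(sealed), BLOCK)]
    return b"".join(_xor(xtea_decrypt(key, c), p)
                    for p, c in zip(blocks, blocks[1:]))
```

CBC alone does not detect the damage: a damaged record simply decrypts to wrong bytes, so a per-record checksum or MAC is needed to notice it.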
