From owner-freebsd-security Mon May 8 13:48: 3 2000
Delivered-To: freebsd-security@freebsd.org
Received: from haldjas.folklore.ee (Haldjas.folklore.ee [193.40.6.121])
    by hub.freebsd.org (Postfix) with ESMTP id 7741D37BC34
    for ; Mon, 8 May 2000 13:47:57 -0700 (PDT)
    (envelope-from narvi@haldjas.folklore.ee)
Received: from localhost (narvi@localhost)
    by haldjas.folklore.ee (8.9.3/8.9.3) with SMTP id WAA05304;
    Mon, 8 May 2000 22:47:31 +0200 (EET)
    (envelope-from narvi@haldjas.folklore.ee)
Date: Mon, 8 May 2000 22:47:31 +0200 (EET)
From: Narvi
To: Mark Murray
Cc: "Andrew J. Korty" , security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)
In-Reply-To: <200005042015.WAA07617@grimreaper.grondar.za>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Thu, 4 May 2000, Mark Murray wrote:

> > I was under the impression that the CBC mode would also propagate this
> > entry throughout the block. Must I use one of the feedback modes?
>
> Yes. I have no hard references in front of me, but I'll put ${bodypart}
> on a block that CBC is 8-bytes-at-a-time-with-same-key-each-time. IE not
> good enough to stave off known plaintext attacks. CBC is what you'd use
> if the entire plaintext is of unpredictable structure.
>

Another thing to consider (and I am yet to see it in this discussion):

Say a block relatively in the beginning of the dump gets read off the
tape corrupted. Any encryption scheme in which such means that the entire
dump is worthless is less than satisfactory in most environments. Losing
the entire backup to the chaining mode just because one block reads
incorrectly is a bad idea.

Known plaintext attacks - more exactly *chosen plaintext* attacks - are
imho unavoidable in backups. They must be fought in some other way. WO
backups are no good.

If we use CBC, we should restart it with a new IV on every block boundary
or so to minimise damage.

> M
> --
> Mark Murray
> Join the anti-SPAM movement: http://www.cauce.org
>

Sander
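
The per-record IV restart proposed in the message above, as an added example that is not part of the original post or of any dump(8) code: each record is CBC-encrypted under its own fresh IV, so it can be decrypted without any other record. The toy Feistel cipher is only a stand-in for a real 8-byte block cipher and must not be used to protect data; the 64-byte record size, the key and all function names are assumptions, and records are assumed to be a multiple of the block size.

```python
import hashlib, os

BLOCK = 8     # cipher block size in bytes (DES-class, as in the thread)
RECORD = 64   # assumed tape record size for the demo, a multiple of BLOCK

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _f(key, rnd, half):
    # Round function of the toy Feistel cipher (stand-in for a real block cipher).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:4]

def enc_block(key, b):
    l, r = b[:4], b[4:]
    for i in range(4):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r

def dec_block(key, b):
    l, r = b[:4], b[4:]
    for i in reversed(range(4)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r

def seal_record(key, plain):
    # CBC over one record, with a fresh random IV stored in front of it.
    iv = os.urandom(BLOCK)
    out, prev = [iv], iv
    for i in range(0, len(plain), BLOCK):
        prev = enc_block(key, _xor(plain[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)

def open_record(key, sealed):
    # Needs only this record's bytes: the chain starts at its own IV.
    out, prev = [], sealed[:BLOCK]
    for i in range(BLOCK, len(sealed), BLOCK):
        c = sealed[i:i + BLOCK]
        out.append(_xor(dec_block(key, c), prev))
        prev = c
    return b"".join(out)

def damaged_records(key, records, tape):
    # tape[i] is None when the record could not be read from the medium at all.
    return [i for i, (p, s) in enumerate(zip(records, tape))
            if s is None or open_record(key, s) != p]

if __name__ == "__main__":
    key = b"constructed demo key"
    records = [bytes([n]) * RECORD for n in range(4)]   # constructed sample data
    tape = [seal_record(key, r) for r in records]
    tape[1] = None                                      # record 1 unreadable
    tape[2] = bytes([tape[2][0] ^ 1]) + tape[2][1:]     # one flipped bit in record 2
    print(damaged_records(key, records, tape))          # [1, 2]
```

The cost is one extra cipher block of IV per record, and a read error cannot detect itself here; an integrity check per record would be needed to notice which records came back wrong.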