Date: Wed, 3 May 2000 13:39:26 -0500 (EST) From: "Andrew J. Korty" <ajk@iu.edu> To: Matthew Dillon <dillon@apollo.backplane.com> Cc: security@FreeBSD.ORG Subject: Re: Cryptographic dump(8) Message-ID: <Pine.BSF.4.21.0005031329440.21805-100000@kobayashi.uits.iupui.edu> In-Reply-To: <200005031718.KAA63329@apollo.backplane.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 3 May 2000, Matthew Dillon wrote: > Store something like this in the header: > > [random (16 bytes)][MD5 of entire header including random, not including > the MD5 itself] > > [ .................. entire block is encrypted (entire header, including > random and MD5)] > > Restore would then decrypt the header using the user-supplied key, then > MD5 it and compare the MD5 against the decrypted MD5. > > Storing a random sequence in the header that is MD5'd as well as > encrypted is very important because otherwise someone trying to break > the encryption can 'guess' at what the contents of the header was in > order to try to reverse-engineer the encryption. That sounds good, but I should probably leave the very first header as cleartext. That way, I can put a flag there to tell restore whether or not this tape is encrypted or not. > Also, putting a random number in each block is important if each block > is separately encrypted, for the same reason. Would it be acceptable to encrypt the header and block together but each header/block pair separately? I don't think I have room to add anything in the block, so maybe I could get that randomness from what I add to the header (CBC should propagate it a little). -- Andrew J. Korty, Lead Security Engineer Office of the Vice President for Information Technology Indiana University To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0005031329440.21805-100000>