From: Matthew Dillon
Date: Wed, 3 May 2000 14:04:02 -0700 (PDT)
Message-Id: <200005032104.OAA64975@apollo.backplane.com>
To: "Andrew J. Korty"
Cc: security@FreeBSD.ORG
Subject: Re: Cryptographic dump(8)

:That sounds good, but I should probably leave the very first
:header as cleartext. That way, I can put a flag there to tell
:restore whether or not this tape is encrypted or not.
:
:> Also, putting a random number in each block is important if each block
:> is separately encrypted, for the same reason.
:
:Would it be acceptable to encrypt the header and block together
:but each header/block pair separately? I don't think I have room
:to add anything in the block, so maybe I could get that randomness
:from what I add to the header (CBC should propagate it a little).
:
:--
:Andrew J. Korty, Lead Security Engineer
:Office of the Vice President for Information Technology
:Indiana University

Maybe. I don't know. Random is always best but it would probably be
acceptable to seed the encryption of later blocks with data from the
original header.

-Matt
Matthew Dillon
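An added example, not code from this thread or from dump(8): it shows why separately encrypted records need per-record randomness under CBC, and one way to seed each record from a random value kept in the first header. The 4-round Feistel cipher is a toy stand-in for a real block cipher, and the names, the separate `iv_key` and the HMAC-based IV derivation are assumptions.

```python
import hashlib
import hmac
import os

BS = 16  # block size of the toy cipher, in bytes

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def encrypt_block(key, block):
    # Toy 4-round Feistel permutation standing in for a real block cipher.
    left, right = block[:BS // 2], block[BS // 2:]
    for i in range(4):
        f = hmac.new(key, bytes([i]) + right, hashlib.sha256).digest()[:BS // 2]
        left, right = right, _xor(left, f)
    return left + right

def cbc_encrypt(key, iv, data):
    # Assumes len(data) is a multiple of BS (fixed-size tape records).
    out, prev = [], iv
    for off in range(0, len(data), BS):
        prev = encrypt_block(key, _xor(data[off:off + BS], prev))
        out.append(prev)
    return b"".join(out)

def record_iv(iv_key, header_nonce, recno):
    # Per-record IV from the random header value and the record number.
    # Keyed, so it cannot be computed from a cleartext first header alone.
    msg = header_nonce + recno.to_bytes(8, "big")
    return hmac.new(iv_key, msg, hashlib.sha256).digest()[:BS]

def encrypt_records(key, records, iv_key=None, header_nonce=None):
    # Without a nonce every record starts from the same all-zero IV.
    result = []
    for recno, rec in enumerate(records):
        if header_nonce is None:
            iv = bytes(BS)
        else:
            iv = record_iv(iv_key, header_nonce, recno)
        result.append(cbc_encrypt(key, iv, rec))
    return result

def demo():
    key, iv_key, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    # Constructed sample: records 0 and 2 hold identical plaintext.
    records = [b"A" * 64, b"B" * 64, b"A" * 64]
    fixed = encrypt_records(key, records)
    seeded = encrypt_records(key, records, iv_key, nonce)
    # (identical records visible with fixed IV?, visible with seeded IVs?)
    return fixed[0] == fixed[2], seeded[0] == seeded[2]
```

restore can recompute each IV from the header value and the record number, so nothing extra has to be stored in the blocks themselves.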