From owner-freebsd-hackers@FreeBSD.ORG Thu Mar 3 21:36:36 2005
Date: Thu, 3 Mar 2005 16:34:24 -0500 (EST)
From: Todd Vierling
To: Poul-Henning Kamp
cc: ALeine, elric@imrryr.org, "Perry E. Metzger", hackers@freebsd.org, tech-security@NetBSD.org, ticso@cicely.de
Subject: Re: FUD about CGD and GBDE
In-Reply-To: <11285.1109884555@critter.freebsd.dk>
List-Id: Technical Discussions relating to FreeBSD

On Thu, 3 Mar 2005, Poul-Henning Kamp wrote:

> And if CGD is _so_ officially approved as you say, then I can not
> for the life of me understand how it can use the same key to generate
> the IV and perform the encryption. At the very least two different
> keys should have been used at the "expense" of making the masterkey
> 512 bits instead of 256.

Technically, two different keys are used.
The IV is generated from the block number (although it's pluggable for
other IV generation methods, should one be desired; take a look!).  This
makes part of the "extended" 320-bit (256 + 64 bit off_t) key a known
quantity *for a given ciphertext block*, but not the whole disk.  This
makes attacks a little more difficult than standard 256-bit symmetric AES,
as the ciphertext is salted differently depending on the number of the
test block.

-- 
Todd Vierling
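The encrypted-block-number IV construction the two messages above are arguing about, as an added example written for this page; it is not code from the thread, from cgd, or from GBDE. It models one AES key used both to turn the 64-bit sector number into a CBC IV and to encrypt the sector data, then checks the property Todd describes (same plaintext at two different sector numbers gives different ciphertext) and the caveat that goes with it (same plaintext at the same sector number gives the same ciphertext, so rewrites of a sector are distinguishable to anyone holding two snapshots). The little-endian encoding and zero padding of the sector number, the `IVFunc` hook standing in for the pluggable IV method, the `Disk` type and the fixed test key are all assumptions of this example, not details taken from the cgd source.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

const sectorSize = 512

// IVFunc maps a sector number to a 16-byte CBC IV. The thread notes that the
// IV method is pluggable; this function type is an assumed model of that seam.
type IVFunc func(blk cipher.Block, blkno uint64) []byte

// EncBlkNoIV derives the IV by encrypting the 64-bit sector number under the
// same AES key used for the data: the "same key generates the IV" construction
// under discussion. Little-endian encoding and zero padding to one AES block
// are assumptions of this example, not taken from the cgd source.
func EncBlkNoIV(blk cipher.Block, blkno uint64) []byte {
	var in [aes.BlockSize]byte
	binary.LittleEndian.PutUint64(in[:8], blkno)
	iv := make([]byte, aes.BlockSize)
	blk.Encrypt(iv, in[:])
	return iv
}

// Disk is a toy sector encryptor: AES-CBC restarted for every 512-byte
// sector, with the IV for that sector supplied by ivf.
type Disk struct {
	blk cipher.Block
	ivf IVFunc
}

// NewDisk accepts a 16-, 24- or 32-byte key (32 bytes selects AES-256,
// matching the 256-bit key size in the thread).
func NewDisk(key []byte, ivf IVFunc) (*Disk, error) {
	blk, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return &Disk{blk: blk, ivf: ivf}, nil
}

// EncryptSector encrypts exactly one sector stored at sector number blkno.
func (d *Disk) EncryptSector(blkno uint64, plain []byte) []byte {
	if len(plain) != sectorSize {
		panic("sector must be exactly 512 bytes")
	}
	out := make([]byte, sectorSize)
	cipher.NewCBCEncrypter(d.blk, d.ivf(d.blk, blkno)).CryptBlocks(out, plain)
	return out
}

// DecryptSector reverses EncryptSector for the sector stored at blkno.
func (d *Disk) DecryptSector(blkno uint64, ct []byte) []byte {
	if len(ct) != sectorSize {
		panic("sector must be exactly 512 bytes")
	}
	out := make([]byte, sectorSize)
	cipher.NewCBCDecrypter(d.blk, d.ivf(d.blk, blkno)).CryptBlocks(out, ct)
	return out
}

// demo writes an all-zero sector at sector numbers 0 and 1 under a constructed
// fixed key and reports: same sector twice gives identical ciphertext;
// different sectors give different ciphertext; decryption round-trips.
func demo() (sameSector, differentSectors, roundTrip bool) {
	key := bytes.Repeat([]byte{0x42}, 32) // constructed test key, AES-256
	d, err := NewDisk(key, EncBlkNoIV)
	if err != nil {
		panic(err)
	}
	zero := make([]byte, sectorSize)
	c0a := d.EncryptSector(0, zero)
	c0b := d.EncryptSector(0, zero)
	c1 := d.EncryptSector(1, zero)
	return bytes.Equal(c0a, c0b),
		!bytes.Equal(c0a, c1),
		bytes.Equal(d.DecryptSector(1, c1), zero)
}

func main() {
	same, differ, ok := demo()
	fmt.Printf("same sector, same plaintext, same ciphertext: %v\n", same)
	fmt.Printf("different sectors, same plaintext, different ciphertext: %v\n", differ)
	fmt.Printf("decrypt round trip: %v\n", ok)
}
```

Because AES is a permutation, E_k(0) and E_k(1) are distinct IVs, so the first ciphertext block E_k(P0 XOR IV) differs between the two sectors even for identical plaintext; that is the per-sector "salting" Todd refers to. The IV only affects the chain's first block, and nothing in the construction varies with time, so two writes of the same data to the same sector are identical on disk. A different IVFunc can be dropped in to compare methods without touching the sector code.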