Linux RNG paper
Florian Weimer
fw at deneb.enyo.de
Fri May 5 15:51:24 EDT 2006
* Travis H.:
> On 5/4/06, markus reichelt <ml at mareichelt.de> wrote:
>> Agreed; but regarding unix systems, I know of no crypto
>> implementation that does integrity checking. Not just de/encrypt the
>> data, but verify that the encrypted data has not been tampered with.
>
> Are you sure? There's an aes-cbc-essiv:sha256 cipher with dm-crypt.
> Are they using sha256 for something other than integrity?
AFAIK, they use it to generate the IVs for CBC mode. Directly using
the sector numbers leads to fingerprinting vulnerabilities.
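The ESSIV construction described above, as an added example that is not part of the original post or of dm-crypt's own code. It is Go written for this page; the IV layouts follow dm-crypt's "plain" (32-bit little-endian sector number, zero-padded) and "essiv:sha256" (sector number encrypted under SHA-256 of the key) generators as assumed here, and the key and plaintext are constructed. It shows why a public, sector-derived IV lets two sectors be fingerprinted by identical ciphertext blocks, and why a key-derived IV removes that pattern:

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Constructed example key (32 bytes -> AES-256); not a real key.
var exampleKey = []byte("0123456789abcdef0123456789abcdef")

// PlainIV mirrors the dm-crypt "plain" IV generator as assumed here: the
// 32-bit little-endian sector number in the first four bytes, zero-padded
// to one AES block. Anyone who can read the disk knows every IV.
func PlainIV(sector uint64) []byte {
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint32(iv, uint32(sector))
	return iv
}

// EssivIV mirrors the "essiv:sha256" generator: salt = SHA-256(key), and
// the IV is the sector number encrypted under that salt. Without the key
// the IV sequence is unpredictable, so the hash serves IV generation,
// not integrity.
func EssivIV(key []byte, sector uint64) []byte {
	salt := sha256.Sum256(key)
	blk, err := aes.NewCipher(salt[:])
	if err != nil {
		panic(err)
	}
	in := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(in, sector)
	iv := make([]byte, aes.BlockSize)
	blk.Encrypt(iv, in)
	return iv
}

// EncryptSector encrypts whole blocks of one sector in CBC mode.
func EncryptSector(key, iv, plaintext []byte) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(blk, iv).CryptBlocks(out, plaintext)
	return out
}

func xorBlocks(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// FirstBlocksCollide demonstrates the fingerprinting weakness. The first
// CBC block of a sector is E(iv XOR p). With plain IVs the IVs of sectors
// 0 and 1 are public, so data whose sector-1 first block equals
// p0 XOR iv0 XOR iv1 yields two identical ciphertext blocks on disk, a
// pattern visible without the key. genIV selects the volume's IV scheme.
func FirstBlocksCollide(key []byte, genIV func(uint64) []byte) bool {
	p0 := []byte("sixteen byte blk") // constructed 16-byte plaintext block
	// The pattern is derived from the public plain IVs only.
	p1 := xorBlocks(p0, xorBlocks(PlainIV(0), PlainIV(1)))
	c0 := EncryptSector(key, genIV(0), p0)
	c1 := EncryptSector(key, genIV(1), p1)
	return bytes.Equal(c0[:aes.BlockSize], c1[:aes.BlockSize])
}

func main() {
	plain := func(s uint64) []byte { return PlainIV(s) }
	essiv := func(s uint64) []byte { return EssivIV(exampleKey, s) }
	fmt.Println("plain IV, first blocks collide:", FirstBlocksCollide(exampleKey, plain)) // true
	fmt.Println("essiv IV, first blocks collide:", FirstBlocksCollide(exampleKey, essiv)) // false
}
```

Under the plain generator the collision is deterministic; under ESSIV the same data produces distinct ciphertext blocks because the IVs depend on the key, which is the point of Florian's reply. Neither scheme provides integrity: a modified ciphertext block still decrypts to something, so this example checks only for the fingerprint, not for tampering.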
---------------------------------------------------------------------
The Cryptography Mailing List