On Sep 6, 2007, at 6:14 PM, Jacob Appelbaum wrote:
> other known good implementations of AES128 (CBC? I'm not sure...).
Plain AES-CBC is not a great choice for FDE. You can do whatever you'd like to the bits of a given block at the cost of garbling the previous block, which makes binaries a plausible target. Given the size of modern OSes, it might even be an easy one.
--
Ivan Krstić <[EMAIL PROTECTED]> | http://radian.org
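The malleability described in the message above, shown as an added example that is not part of the original post: Go standard-library AES-128-CBC over a constructed three-block sector. The key, zero IV, sector contents and the helper names `cbc`, `xorIntoPrev` and `tamperedPlaintext` are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"fmt"
)

// Constructed sample values: a fixed key, a zero IV and a three-block "sector".
var (
	key    = []byte("0123456789abcdef")
	iv     = make([]byte, aes.BlockSize)
	sector = []byte("block0: header..block1: filler..block2: flag=0..")
)

// cbc runs AES-128-CBC over whole blocks, unpadded, as a disk sector would be.
func cbc(in []byte, encrypt bool) []byte {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out, mode := make([]byte, len(in)), cipher.NewCBCDecrypter(blk, iv)
	if encrypt {
		mode = cipher.NewCBCEncrypter(blk, iv)
	}
	mode.CryptBlocks(out, in)
	return out
}

// xorIntoPrev copies ct and XORs delta into ciphertext block n-1 (CBC XORs that block into plaintext n).
func xorIntoPrev(ct []byte, n int, delta []byte) []byte {
	out := append([]byte(nil), ct...)
	for i, d := range delta {
		out[(n-1)*aes.BlockSize+i] ^= d
	}
	return out
}

// tamperedPlaintext encrypts the sector, changes one ciphertext byte and decrypts.
func tamperedPlaintext() []byte {
	delta := make([]byte, aes.BlockSize)
	delta[13] = '0' ^ '1' // offset of the flag digit inside block 2
	return cbc(xorIntoPrev(cbc(sector, true), 2, delta), false)
}

func main() {
	pt := tamperedPlaintext()
	fmt.Printf("untouched: %q\ngarbled:   %q\nchosen:    %q\n", pt[:16], pt[16:32], pt[32:])
}
```

Decryption completes without any error: block 2 carries exactly the chosen change, block 1 is unpredictable garbage, and block 0 is unchanged.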