On 5/4/06, markus reichelt <[EMAIL PROTECTED]> wrote:
> Agreed; but regarding unix systems, I know of no crypto
> implementation that does integrity checking. Not just de/encrypt the
> data, but verify that the encrypted data has not been tampered with.

Are you sure?  There's an aes-cbc-essiv:sha256 cipher with dm-crypt.
Are they using sha256 for something other than integrity?

I guess perhaps the reason they don't do integrity checking is that it
involves redundant data, so the encrypted volume would be smaller, or
the block offsets don't line up, and perhaps that's trickier to handle
than a 1:1 correspondence.
--
"Curiosity killed the cat, but for a while I was a suspect" -- Steven Wright
Security Guru for Hire http://www.lightconsulting.com/~travis/ -><-
GPG fingerprint: 9D3F 395A DAC5 5CCC 9066  151D 0A6B 4098 0C55 1484
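
The size and offset cost described in the reply above, as an added example that is not part of the original message and is not dm-crypt's design. It assumes 512-byte sectors, an inline 32-byte HMAC-SHA256 tag after each sector, and sector contents that are already-encrypted opaque bytes; `TaggedSectorStore` and its method names are hypothetical.

```python
import hashlib
import hmac

SECTOR = 512            # logical sector size (assumed)
TAG = 32                # HMAC-SHA256 tag length in bytes
STRIDE = SECTOR + TAG   # bytes one logical sector occupies on the backing device


class TaggedSectorStore:
    """Hypothetical layout: each opaque ciphertext sector is followed by its tag."""

    def __init__(self, backing_size, mac_key):
        self.dev = bytearray(backing_size)
        self.mac_key = mac_key

    def capacity(self):
        # Usable logical sectors; always fewer than backing_size // SECTOR.
        return len(self.dev) // STRIDE

    def offset(self, n):
        # Physical byte offset of logical sector n: n * 544, not n * 512.
        return n * STRIDE

    def _tag(self, n, data):
        # The sector number is part of the MAC input, so a valid sector
        # copied to another position fails verification.
        msg = n.to_bytes(8, "little") + data
        return hmac.new(self.mac_key, msg, hashlib.sha256).digest()

    def write(self, n, data):
        if len(data) != SECTOR or not 0 <= n < self.capacity():
            raise ValueError("bad sector number or length")
        off = self.offset(n)
        self.dev[off:off + STRIDE] = data + self._tag(n, data)

    def read(self, n):
        if not 0 <= n < self.capacity():
            raise ValueError("bad sector number")
        off = self.offset(n)
        data = bytes(self.dev[off:off + SECTOR])
        tag = bytes(self.dev[off + SECTOR:off + STRIDE])
        if not hmac.compare_digest(tag, self._tag(n, data)):
            raise IOError("sector %d failed integrity check" % n)
        return data
```

On a 64 KiB backing device this layout leaves 120 usable sectors instead of 128, and logical sector 3 starts at byte 1632 rather than 1536, so sector boundaries no longer coincide with the device's own.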

---------------------------------------------------------------------
The Cryptography Mailing List