On 5/4/06, markus reichelt <[EMAIL PROTECTED]> wrote:
Agreed; but regarding unix systems, I know of none crypto implementation that does integrity checking. Not just de/encrypt the data, but verify that the encrypted data has not been tampered with.
Are you sure? There's a aes-cbc-essiv:sha256 cipher with dm-crypt. Are they using sha256 for something other than integrity? I guess perhaps the reason they don't do integrity checking is that it involves redundant data, so the encrypted volume would be smaller, or the block offsets don't line up, and perhaps that's trickier to handle than a 1:1 correspondence. -- "Curiousity killed the cat, but for a while I was a suspect" -- Steven Wright Security Guru for Hire http://www.lightconsulting.com/~travis/ -><- GPG fingerprint: 9D3F 395A DAC5 5CCC 9066 151D 0A6B 4098 0C55 1484 --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]