* Travis H.:
> On 5/4/06, markus reichelt <[EMAIL PROTECTED]> wrote:
>> Agreed; but regarding unix systems, I know of no crypto
>> implementation that does integrity checking. Not just de/encrypt the
>> data, but verify that the encrypted data has not been tampered with.
>
> Are you sure? There's an aes-cbc-essiv:sha256 cipher with dm-crypt.
> Are they using sha256 for something other than integrity?
AFAIK, they use it to generate the IVs for CBC mode. Directly using the
sector numbers leads to fingerprinting vulnerabilities.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
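Worked example of the point made in this reply (added here; it is not code from the thread or from dm-crypt): the ESSIV IV for a sector is the sector number encrypted under a key obtained by hashing the volume key, which is where the SHA-256 comes in. The second half shows the fingerprinting problem with a public IV: with CBC, an attacker who can write chosen data can pick two adjacent sectors whose first plaintext blocks differ by exactly IV_s xor IV_s+1, so their first ciphertext blocks collide and the mark is visible on the raw device without any key. With ESSIV the attacker cannot compute the IVs, so the same trick fails. Assumptions: the "plain" IV layout here is a 64-bit little-endian sector number zero-padded to one AES block (modelled on dm-crypt's plain64; the original 32-bit "plain" layout has the same weakness), the volume key and the watermark block are constructed test values, and the `cryptography` package is available.

```python
"""ESSIV IV derivation for sector-level CBC and the watermark problem it
addresses. Added example, not dm-crypt's code. Requires the `cryptography`
package (pip install cryptography)."""
import hashlib
import os

from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

SECTOR_SIZE = 512
BLOCK = 16


def plain_iv(key: bytes, sector: int) -> bytes:
    """'plain' IV: the sector number itself, little-endian, zero padded to
    one AES block (assumption: 64-bit layout like dm-crypt's plain64).
    `key` is ignored; anyone holding the disk can compute this IV."""
    return sector.to_bytes(8, "little") + b"\x00" * 8


def essiv_iv(key: bytes, sector: int) -> bytes:
    """ESSIV: encrypt the sector number under SHA-256(volume key).
    Without the volume key the IV of a given sector is unpredictable."""
    salt = hashlib.sha256(key).digest()      # the 'sha256' in essiv:sha256
    enc = Cipher(algorithms.AES(salt), modes.ECB()).encryptor()
    return enc.update(plain_iv(key, sector)) + enc.finalize()


def encrypt_sector(key: bytes, iv: bytes, data: bytes) -> bytes:
    """AES-CBC over one sector with the given per-sector IV."""
    if len(data) != SECTOR_SIZE:
        raise ValueError("sector must be exactly %d bytes" % SECTOR_SIZE)
    enc = Cipher(algorithms.AES(key), modes.CBC(iv)).encryptor()
    return enc.update(data) + enc.finalize()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def watermark_detected(iv_func, key: bytes, sector: int, mark: bytes) -> bool:
    """Attacker who does NOT know `key` writes sectors s and s+1 such that,
    if the IV were the public sector number, P_s xor IV_s == P_s+1 xor IV_s+1.
    CBC then produces identical first ciphertext blocks, which anyone reading
    the raw device can spot. Returns True if the first blocks collide under
    the IV scheme actually in use (`iv_func`)."""
    if len(mark) != BLOCK:
        raise ValueError("mark must be one AES block")
    # attacker's view: the IVs are the plain sector numbers (no key needed)
    p_first = mark
    q_first = xor(xor(mark, plain_iv(b"", sector)), plain_iv(b"", sector + 1))
    p = p_first + os.urandom(SECTOR_SIZE - BLOCK)   # rest is arbitrary filler
    q = q_first + os.urandom(SECTOR_SIZE - BLOCK)
    # the device encrypts with whatever IV scheme it is configured for
    c_p = encrypt_sector(key, iv_func(key, sector), p)
    c_q = encrypt_sector(key, iv_func(key, sector + 1), q)
    return c_p[:BLOCK] == c_q[:BLOCK]


if __name__ == "__main__":
    VOLUME_KEY = bytes(range(32))            # constructed test key, AES-256
    MARK = b"WATERMARK_BLOCK!"               # constructed 16-byte watermark
    print("essiv IV for sector 7:", essiv_iv(VOLUME_KEY, 7).hex())
    print("plain IV  -> mark visible:", watermark_detected(plain_iv, VOLUME_KEY, 1000, MARK))
    print("essiv IV  -> mark visible:", watermark_detected(essiv_iv, VOLUME_KEY, 1000, MARK))
```

Note what ESSIV does and does not buy: it removes the predictable IV that makes the watermark work, but it is still unauthenticated encryption, which is the point the quoted message was making about integrity.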
