* Travis H.:

> On 5/4/06, markus reichelt <[EMAIL PROTECTED]> wrote:
>> Agreed; but regarding unix systems, I know of none crypto
>> implementation that does integrity checking. Not just de/encrypt the
>> data, but verify that the encrypted data has not been tampered with.
>
> Are you sure?  There's a aes-cbc-essiv:sha256 cipher with dm-crypt.
> Are they using sha256 for something other than integrity?

AFAIK, they use it to generate the IVs for CBC mode.  Directly using
the sector numbers leads to fingerprinting vulnerabilities.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to