* Travis H.:

> On 5/4/06, markus reichelt <[EMAIL PROTECTED]> wrote:
>> Agreed; but regarding unix systems, I know of no crypto
>> implementation that does integrity checking. Not just de/encrypt the
>> data, but verify that the encrypted data has not been tampered with.
> Are you sure?  There's an aes-cbc-essiv:sha256 cipher with dm-crypt.
> Are they using sha256 for something other than integrity?

AFAIK, they use it to generate the IVs for CBC mode.  Directly using
the sector numbers leads to fingerprinting vulnerabilities.
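To make the distinction concrete, here is an added Go example (not code from the thread or from dm-crypt itself) that derives the IV the way aes-cbc-essiv:sha256 does, runs AES-CBC over one sector, and then flips a single ciphertext bit: decryption still succeeds silently, showing that the SHA-256 step serves IV generation, not integrity. The volume key and the all-zero sector are constructed test values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
)

// essivIV: the little-endian sector number, zero-padded to one AES block, is
// encrypted under a key that is the SHA-256 digest of the volume key.
func essivIV(volumeKey []byte, sector uint64) []byte {
	salt := sha256.Sum256(volumeKey)
	block, err := aes.NewCipher(salt[:]) // 32-byte digest selects AES-256
	if err != nil {
		panic(err)
	}
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv, sector)
	block.Encrypt(iv, iv)
	return iv
}

// cbcSector encrypts (encrypt=true) or decrypts one sector with AES-CBC
// under the ESSIV IV for that sector number.
func cbcSector(volumeKey []byte, sector uint64, in []byte, encrypt bool) []byte {
	block, err := aes.NewCipher(volumeKey)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(in))
	iv := essivIV(volumeKey, sector)
	if encrypt {
		cipher.NewCBCEncrypter(block, iv).CryptBlocks(out, in)
	} else {
		cipher.NewCBCDecrypter(block, iv).CryptBlocks(out, in)
	}
	return out
}

// tamperGoesUnnoticed flips one ciphertext bit of a 512-byte sector and
// decrypts it; true means the data came back changed with no error raised.
func tamperGoesUnnoticed(volumeKey []byte, sector uint64) bool {
	plain := bytes.Repeat([]byte{0x00}, 512) // constructed all-zero sector
	ct := cbcSector(volumeKey, sector, plain, true)
	ct[0] ^= 0x01
	got := cbcSector(volumeKey, sector, ct, false)
	return !bytes.Equal(got, plain)
}
```

The per-sector IV is what defeats fingerprinting of identical sectors; detecting the modification would need a separate MAC or authenticated mode layered over the block device.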

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]