On Fri, 17 Jun 2005 17:15:32 +1000 Alexander Zangerl <[EMAIL PROTECTED]> wrote:
> no, this is subtly wrong. the *encrypted* block affects the decryption
> of the block following it, not the cleartext block.

That's a possible, but insecure way to do that. This way, an attacker can try to decrypt any block x by using the encrypted block x-1 and guessing the passphrase. When knowing the structure of the filesystem, he will have a chance to find the passphrase in a reasonable time.

When an attacker HAS TO decrypt the first block of a filesystem, AND this filesystem starts with a challenge (random data) in the first block and the real filesystem begins at the second block, there is no way to guess the passphrase, because the attacker cannot check if the first block was decrypted correctly.

If I had to build an encrypted filesystem, I would use clusters of i.e. 8kb, starting with a challenge (256 bytes), followed by data (7.5 kb), followed by error correction data (256 bytes). On every write, the first 7 3/4 kb will be encrypted and then the error-correction code will be calculated for that data and stored in the last part of the cluster.

I think this will give good security with reasonable CPU-effort.

--
mit freundlichen Gruessen / with friendly regards

Michael Buchholz          Phone.: +49 231 4755513
Paschknappstr. 13         Mobil.: +49 171 3111861
44265 Dortmund, Germany   Fax...: +49 231 4755514
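The chaining described in the quoted text is the behaviour of CBC mode. The following is an added example, not part of the original message: a small hash-based Feistel construction stands in for a real block cipher, and the key, IV and sample blocks are constructed for the demonstration.

```python
import hashlib

BLOCK = 16  # bytes per cipher block

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Round function of the stand-in Feistel cipher (illustration only, not a real cipher).
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]

def enc_block(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:8], blk[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r

def dec_block(key: bytes, blk: bytes) -> bytes:
    l, r = blk[:8], blk[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r

def cbc_encrypt(key: bytes, iv: bytes, blocks: list) -> list:
    out, prev = [], iv
    for p in blocks:
        prev = enc_block(key, _xor(p, prev))  # chain on the previous *ciphertext*
        out.append(prev)
    return out

def cbc_decrypt_one(key: bytes, prev_ct: bytes, ct: bytes) -> bytes:
    # Decrypting one block needs the key and the preceding ciphertext block only.
    return _xor(dec_block(key, ct), prev_ct)

def demo() -> dict:
    key = hashlib.sha256(b"constructed passphrase").digest()
    iv = bytes(BLOCK)
    plain = [bytes([n]) * BLOCK for n in range(4)]       # constructed sample blocks
    ct = cbc_encrypt(key, iv, plain)
    ct2 = cbc_encrypt(key, iv, [b"\xaa" * BLOCK] + plain[1:])  # different first block
    return {
        # block 2 recovered from ct[1] and ct[2] alone
        "from_prev_ciphertext": cbc_decrypt_one(key, ct[1], ct[2]) == plain[2],
        # using the preceding *cleartext* block instead gives the wrong result
        "from_prev_cleartext": _xor(dec_block(key, ct[2]), plain[1]) == plain[2],
        # a different first block changes every ciphertext block after it ...
        "all_ciphertext_changed": all(a != b for a, b in zip(ct, ct2)),
        # ... but block 2 still decrypts from its own predecessor ciphertext
        "still_random_access": cbc_decrypt_one(key, ct2[1], ct2[2]) == plain[2],
    }
```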

