On Tuesday 13 January 2004 17:17, Marcus Williams wrote:
> On 13/01/2004, Bill wrote:
> > - make sure your kernel supports encrypted loopback & your
> > encryption of choice - configure a crypto loop to your tape
> > device
> >
> > losetup -e twofish /dev/loop0 /dev/nst0
>
> Well, you learn a new thing every day. Never thought you could do
> that! What happens with media errors on the tape when you read it
> back?

Depends on the cipher mode you use:

If using ECB (electronic codebook mode), every block of size AES_BLOCK_SIZE (e.g. for AES) is encrypted independently of the others - then media defects in one block should be a problem _only_ for the current block. Caveat: statistical analysis is easier though if well-defined (known plaintext) values occur; refer to [1] for details.

If using CBC (cipher block chaining mode), you will be more dependent on media errors because this mode adds a feedback mechanism - encryption results from previous blocks are taken into account when calculating the current one (the plaintext block is XORed with the previous ciphertext block). I guess that you will lose all blocks starting from the block having the media defect ;-(

Instead of specifying /dev/nst0 as the loopback target device, just specify a local file myfile (created with dd if=/dev/zero of=/tmp/myfile bs=1024 count=... skip=...), then you can simulate tape errors manually by changing the file using a hex editor - just try to recover afterwards ;-)

Regards,
Klaus

[1] Schneier, Bruce: Applied Cryptography. 2nd edition. Chapter 9.

--
Dipl.-Ing. Klaus Holler <gmx.at after kho@>

