Dirk Heinrichs wrote:

> On Wednesday, 1 June 2005 19:06, ext Richard Fish wrote:
>
>> It is pretty easy to google for such a comparison. The main security
>> problem with dm-crypt is that it doesn't support multi-key encryption
>> modes, which makes it vulnerable to "watermark" attacks. It is better
>> than it used to be, with reasonable key hashing and cbc modes though.
>
> You're right concerning google :-). Anyway it gave me only one useable
> security comparison [1]. This one clearly states that dm-crypt starting
> with kernel 2.6.10 is no longer vulnerable against watermark attacks.
> However, what it didn't say is that you have to re-encrypt your disks to
> get this enhanced security.

Well, as I said, it is an improvement. But to quote from the dm-crypt
home page:

"There will be additional (incompatible, but more secure) possibilities in
the future because the unhashed sector number as IV is too predictable."

So even with the new IV code, it is still susceptible to the watermark
attack.

-Richard

