Re: Status of attacks on AES?

2006-05-05 Thread Elisabeth Oswald
Hi, if "current status" refers to the latest published papers then you can find a short overview of the best-known attacks on http://www.iaik.tugraz.at/research/krypto/AES/index.php Elisabeth Joachim Strombergson wrote: Aloha! Just out of curiosity I tried to Google around for recent pa

Re: Linux RNG paper

2006-05-05 Thread Travis H.
On 5/4/06, markus reichelt <[EMAIL PROTECTED]> wrote: I'm interested as well in watermark/dictionary attacks (like on mainline cryptoloop) on ecryptfs. Here's general info: http://clemens.endorphin.org/LinuxHDEncSettings I couldn't get to the ecryptfs sourceforge site right now so I can't tell

RE: Linux RNG paper

2006-05-05 Thread Kuehn, Ulrich
> From: Travis H. [mailto:[EMAIL PROTECTED] > > On 5/4/06, markus reichelt <[EMAIL PROTECTED]> wrote: > > Agreed; but regarding unix systems, I know of no crypto > > implementation that does integrity checking. Not just de/encrypt the > > data, but verify that the encrypted data has not been ta

encrypted filesystem integrity threat-model (Re: Linux RNG paper)

2006-05-05 Thread Adam Back
I think an encrypted file system with built-in integrity is somewhat interesting; however, the threat model is a bit broken if you are going to boot off a potentially tampered-with disk. I mean the attacker doesn't have to tamper with the proposed encrypted+MACed data, he just tampers with the boot se

Re: Linux RNG paper

2006-05-05 Thread Victor Duchovni
On Thu, May 04, 2006 at 01:44:48PM -0500, Travis H. wrote: > I guess perhaps the reason they don't do integrity checking is that it > involves redundant data, so the encrypted volume would be smaller, or > the block offsets don't line up, and perhaps that's trickier to handle > than a 1:1 correspo

Re: Encrypted disk storage

2006-05-05 Thread John Gilmore
> > I guess perhaps the reason they don't do integrity checking is that it > > involves redundant data, so the encrypted volume would be smaller, or > > the block offsets don't line up, and perhaps that's trickier to handle > > than a 1:1 correspondence. > > Exactly, many file systems rely on bloc

Re: Linux RNG paper

2006-05-05 Thread Florian Weimer
* Travis H.: > On 5/4/06, markus reichelt <[EMAIL PROTECTED]> wrote: >> Agreed; but regarding unix systems, I know of no crypto >> implementation that does integrity checking. Not just de/encrypt the >> data, but verify that the encrypted data has not been tampered with. > > Are you sure? There

Re: Linux RNG paper

2006-05-05 Thread leichter_jerrold
| > I guess perhaps the reason they don't do integrity checking is that it | > involves redundant data, so the encrypted volume would be smaller, or | > the block offsets don't line up, and perhaps that's trickier to handle | > than a 1:1 correspondence. | | Exactly, many file systems rely on bloc