Aram Perez wrote: Another response was you haven't heard of anyone breaking SD cards have you? I love responses like this. In the physical world there are the examples of the Kryptonite lock and the Master Combination lock. By the time you hear about the methodology of the attack someone
On Wed, Apr 25, 2007 at 05:42:44PM -0500, Nicolas Williams wrote: A confounder is an extra block of random plaintext that is prepended to a message prior to encryption with a block cipher in CBC (or CTS) mode; the resulting extra block of ciphertext must also be sent to the peer. Not true.
I've always wondered this about the lesser-used modes. What's special about CBC? With CFB in particular, I think 8-bit CFB is stupid (one full block encryption per byte processed - rather computationally expensive), but n-bit CFB seems just as useful as CBC, if not more so. Specifically, I can
One more thing to consider; if you pick a reasonable MAC with twice the security factor you need, then truncate the output to half the size, I believe you get both confidentiality and integrity/authentication guarantees of the desired strength. -- Kill dash nine, and it's no more CPU time, kill
On Wed, Apr 25, 2007 at 03:32:43PM -0500, Travis H. wrote: I think a simple evolution would be to make /boot and/or /root on removable media (e.g. CD-ROM or USB drive) so that one could take it with you. Marc Schiesser gave a tutorial at EuroBSDcon 2005 on encrypting the whole hard drive on
On Wed, 25 Apr 2007, Hagai Bar-El wrote: It seems that Aram uses a different IV for each message encrypted with CBC. I am not sure I see a requirement for randomness here. As far as I can tell, this IV can be a simple index number or something as predictable, as long as it does not repeat within
On Wed, 25 Apr 2007, Travis H. wrote: Just recently I discovered Debian default installs now support encrypted root (/boot still needs to be decrypted). Presumably we are moving back the end of the attack surface; with encrypted root, one must attack /boot or the BIOS. What is the limit?