Re: [dm-devel] [PATCH] dm-crypt: disable block encryption with arc4
- From: Sebastian Andrzej Siewior <sebatian breakpoint cc>
- To: Herbert Xu <herbert gondor apana org au>
- Cc: linux-crypto ml breakpoint cc, dm-devel redhat com, Mikulas Patocka <mpatocka redhat com>, linux-crypto vger kernel org, agk redhat com, mbroz redhat com
- Subject: Re: [dm-devel] [PATCH] dm-crypt: disable block encryption with arc4
- Date: Tue, 9 Feb 2010 15:57:05 +0100
* Herbert Xu | 2010-02-09 18:37:18 [+1100]:
>Mikulas Patocka <mpatocka redhat com> wrote:
>>
>> You should rather add a flag CRYPTO_ALG_CHANGES_STATE to determine that a
>> cipher can't be used to encrypt disks.
>
>No, please see my reply in the previous thread. What we should
>do is fix arc4. I just haven't got around to doing it yet.
>
>As to blacklisting algorithms not suitable for disk encryption,
>that is up to the dm-crypt maintainers to decide.
Herbert, what happened to the "check for streamcipher" idea you had? Is
it gone? On the other hand it probably wouldn't be that bad to have a
separate interface to grab a block cipher _or_ a stream cipher, so
something like this wouldn't happen. This is basically the "check for
stream cipher" without encrypt = decrypt, plus a struct in the cra_u
union.
I can't imagine how you want to fix arc4 so that it will work in dm-crypt.
The algorithm relies more or less on the fact that it evolves itself
while processing data.
Salsa works with dm-crypt because the internal state is taken from the
IV and is never written back. dm-crypt always encrypts/decrypts a 512-byte
block in one go. Splitting it in two and requesting two 256-byte block
encryptions would work with _every_ other block cipher but break salsa.
>
>Cheers,
Sebastian
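The two behaviours contrasted in the reply above, as an added illustration that is not part of this thread and not code from dm-crypt or the kernel crypto API. The arc4 part is the standard RC4 key schedule and keystream generator with its state kept across calls; the "ivstream" cipher is a toy xorshift keystream seeded from (key, IV) that stands in for Salsa20 only in the one property that matters here (nothing is written back between calls) and is not Salsa20 or any real cipher. The key and the sector contents are constructed sample data.

```c
/* Why an evolving-state stream cipher (arc4) cannot back dm-crypt's
 * per-sector random access, while an IV-seeded keystream cipher can,
 * provided each sector is handled in a single call.
 * Added example; "ivstream" is a toy stand-in for Salsa20, NOT Salsa20. */
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define SECTOR 512

struct rc4_state { uint8_t S[256]; uint8_t i, j; };

static void rc4_init(struct rc4_state *st, const uint8_t *key, size_t klen)
{
    int i; uint8_t j = 0, t;
    for (i = 0; i < 256; i++) st->S[i] = (uint8_t)i;
    for (i = 0; i < 256; i++) {
        j = (uint8_t)(j + st->S[i] + key[i % klen]);
        t = st->S[i]; st->S[i] = st->S[j]; st->S[j] = t;
    }
    st->i = st->j = 0;
}

/* arc4 PRGA: S, i and j are rewritten for every byte, so the keystream
 * applied to a buffer depends on everything processed before it. */
static void rc4_crypt(struct rc4_state *st, uint8_t *buf, size_t len)
{
    size_t n; uint8_t t;
    for (n = 0; n < len; n++) {
        st->i = (uint8_t)(st->i + 1);
        st->j = (uint8_t)(st->j + st->S[st->i]);
        t = st->S[st->i]; st->S[st->i] = st->S[st->j]; st->S[st->j] = t;
        buf[n] ^= st->S[(uint8_t)(st->S[st->i] + st->S[st->j])];
    }
}

/* Toy IV-driven keystream: a pure function of (key, iv, offset within
 * this call). No state is written back, so two calls with the same IV
 * both start from the same keystream position. Not a real cipher. */
static void ivstream_crypt(const uint8_t *key, size_t klen, uint64_t iv,
                           uint8_t *buf, size_t len)
{
    uint64_t x = 0x9E3779B97F4A7C15ULL ^ iv;
    size_t n;
    for (n = 0; n < klen; n++) x = (x ^ key[n]) * 0x100000001B3ULL;
    for (n = 0; n < len; n++) {
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;   /* xorshift64 */
        buf[n] ^= (uint8_t)(x >> 56);
    }
}

static const uint8_t KEY[16] = "constructed-key";   /* sample key only */

static void fill(uint8_t *s, uint8_t seed)
{
    size_t n;
    for (n = 0; n < SECTOR; n++) s[n] = (uint8_t)(seed + n);
}

/* Write sector 0 then sector 1 through one arc4 context, then read sector
 * 1 back on its own with a fresh context (what a random read would do).
 * Returns 1 if the plaintext survives, 0 if it is corrupted. */
int arc4_random_read_ok(void)
{
    uint8_t s0[SECTOR], s1[SECTOR], ref[SECTOR];
    struct rc4_state w, r;
    fill(s0, 0); fill(s1, 7); memcpy(ref, s1, SECTOR);
    rc4_init(&w, KEY, sizeof KEY);
    rc4_crypt(&w, s0, SECTOR);
    rc4_crypt(&w, s1, SECTOR);    /* keystream has moved on past sector 0 */
    rc4_init(&r, KEY, sizeof KEY);
    rc4_crypt(&r, s1, SECTOR);    /* fresh context starts at byte 0 again */
    return memcmp(s1, ref, SECTOR) == 0;
}

/* Same access pattern with the IV-driven cipher, sector number as IV. */
int ivstream_random_read_ok(void)
{
    uint8_t s0[SECTOR], s1[SECTOR], ref[SECTOR];
    fill(s0, 0); fill(s1, 7); memcpy(ref, s1, SECTOR);
    ivstream_crypt(KEY, sizeof KEY, 0, s0, SECTOR);
    ivstream_crypt(KEY, sizeof KEY, 1, s1, SECTOR);
    ivstream_crypt(KEY, sizeof KEY, 1, s1, SECTOR);   /* read sector 1 alone */
    return memcmp(s1, ref, SECTOR) == 0;
}

/* Encrypt one sector in a single call, then decrypt it as two 256-byte
 * requests carrying the same IV: the second request restarts the
 * keystream from the IV instead of continuing at byte 256. */
int ivstream_split_ok(void)
{
    uint8_t s[SECTOR], ref[SECTOR];
    fill(s, 3); memcpy(ref, s, SECTOR);
    ivstream_crypt(KEY, sizeof KEY, 1, s, SECTOR);
    ivstream_crypt(KEY, sizeof KEY, 1, s, SECTOR / 2);
    ivstream_crypt(KEY, sizeof KEY, 1, s + SECTOR / 2, SECTOR / 2);
    return memcmp(s, ref, SECTOR) == 0;
}

int main(void)
{
    printf("arc4, sector read out of order: %s\n", arc4_random_read_ok() ? "ok" : "corrupt");
    printf("ivstream, sector read alone:    %s\n", ivstream_random_read_ok() ? "ok" : "corrupt");
    printf("ivstream, sector split in two:  %s\n", ivstream_split_ok() ? "ok" : "corrupt");
    return 0;
}
```

The first check fails because arc4's S-box, i and j carry over from sector 0 into sector 1, so sector 1 can only be decrypted by replaying everything before it; the second succeeds because the keystream for sector 1 is fixed by its IV alone; the third fails for the reason given in the reply: once a sector is split into two requests with the same IV, the second half is decrypted with the keystream of the first half.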