[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: [dm-devel] [PATCH] dm-crypt: disable block encryption with arc4
- From: Sebastian Andrzej Siewior <linux-crypto ml breakpoint cc>
- To: Mikulas Patocka <mpatocka redhat com>
- Cc: dm-devel redhat com, linux-crypto vger kernel org, Alasdair G Kergon <agk redhat com>, Milan Broz <mbroz redhat com>
- Subject: Re: [dm-devel] [PATCH] dm-crypt: disable block encryption with arc4
- Date: Tue, 26 Jan 2010 14:34:13 +0100
* Mikulas Patocka | 2010-01-26 07:27:18 [-0500]:
>> yes, I think it is better.
>> (...and I just forgot to add that test to dm-crypt after that suggestion.)
>>
>> Milan
>
>Hmm, there is salsa20 that has block size 1, larger initialization
>vectors, and can be used to encrypt disks (although salsa20 doesn't
>currently work with dm-crypt, because it doesn't accept "ecb(), cbc(),
>etc." chaining modes --- but if you remove the chaining mode manually, it
>works).
>
>You should rather add a flag CRYPTO_ALG_CHANGES_STATE to determine that a
>cipher can't be used to encrypt disks.
Just because it will work does not make it a good idea.
SALSA20 is a stream cipher not a block cipher.
Block ciphers are used to encrypt data.
Stream ciphers are used to create one time pads, a set of encryption
keys, ...
There are block modes like CTR which can turn a block cipher into a
stream cipher. Those should not be used for disk encryption as well.
>
>Mikulas
Sebastian
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]