But why? Kernels that have dm-crypt already do that.
As of this writing (cryptsetup-0.1.tar.bz2), the key
setup in dm-crypt has a backdoor. Re-implementing
something less secure than loop-AES does not make much
sense.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I think your use of the term "backdoor" isn't being used in
the correct way I would understand the term to mean.
backdoor = Installing a deliberate way around security by
the vendor supplying the security system. For the reasons
of facilitating malicious intent at a later date.
Are you saying that ESSIV mode is less secure than
single-key mode ?
To answer your question why. Simply to provide as much
compabilitiy between the two systems as possible.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
> I think your use of the term "backdoor" isn't being
> used in the correct way I would understand the term to
> mean.
dm-crypt folks copied key setup method (no salt and no
iteration) that was intentionally weakened. It is
intentional because people responsible for mainline
losetup and mount programs have refused to fix that
hole for *years*.
> Are you saying that ESSIV mode is less secure than
> single-key mode?
Nope. ESSIV is much better than plain sector IV. Old
cryptoloop on-disk format has more than one huge hole.
ESSIV closed one hole, other hole is still wide open.
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
Logged In: YES
user_id=238645
But why? Kernels that have dm-crypt already do that.
As of this writing (cryptsetup-0.1.tar.bz2), the key
setup in dm-crypt has a backdoor. Re-implementing
something less secure than loop-AES does not make much
sense.
Logged In: YES
user_id=87288
I think your use of the term "backdoor" isn't being used in
the correct way I would understand the term to mean.
backdoor = Installing a deliberate way around security by
the vendor supplying the security system. For the reasons
of facilitating malicious intent at a later date.
Are you saying that ESSIV mode is less secure than
single-key mode ?
To answer your question why. Simply to provide as much
compabilitiy between the two systems as possible.
Logged In: YES
user_id=238645
> I think your use of the term "backdoor" isn't being
> used in the correct way I would understand the term to
> mean.
dm-crypt folks copied key setup method (no salt and no
iteration) that was intentionally weakened. It is
intentional because people responsible for mainline
losetup and mount programs have refused to fix that
hole for *years*.
> Are you saying that ESSIV mode is less secure than
> single-key mode?
Nope. ESSIV is much better than plain sector IV. Old
cryptoloop on-disk format has more than one huge hole.
ESSIV closed one hole, other hole is still wide open.