[dm-crypt] inner workings of block mode encryption

Ralf Ramsauer ralf+dm at ramses-pyramidenbau.de
Sun Feb 8 22:34:22 CET 2015


Hi

On 02/08/2015 06:42 PM, Heinz Diehl wrote:
>> Knowing just one cleartext file, for example a well known static
>> system file from the /etc directory, and its encrypted data, could
>> easily lead to the master key (assuming the encrypted volume
>> contains such system files).
> Neither AES, serpent nor twofish are prone to known-plaintext attacks.
> Breaking some rounds is not the same as breaking the cipher.
>
I absolutely agree, Heinz.

Only the knowledge of a plain text block and the corresponding cipher
text block is NOT sufficient to "guess" or derive the key.
This is one of the major design criteria of symmetric block ciphers.

When I did my first steps in cryptography I also naively thought that
knowing a cipher text and a corresponding plain text automatically
offers the possibility to derive the key but this is absolutely not the
truth.

And the use of the same key throughout your volume is NOT a vulnerability.

If you're of another opinion please show me references.

I recommend that you read the following links:
http://git.dyne.org/tomb/plain/doc/New_methods_in_HD_encryption.pdf
http://en.wikipedia.org/wiki/Watermarking_attack
http://en.wikipedia.org/wiki/Disk_encryption_theory
http://cacr.uwaterloo.ca/hac/ <- great book, online available for free

cheers
  Ralf


