[dm-devel] [PATCH] dm-crypt: disable block encryption with arc4
Sebastian Andrzej Siewior
linux-crypto at ml.breakpoint.cc
Tue Jan 26 13:34:13 UTC 2010
* Mikulas Patocka | 2010-01-26 07:27:18 [-0500]:
>> yes, I think it is better.
>> (...and I just forgot to add that test to dm-crypt after that suggestion.)
>>
>> Milan
>
>Hmm, there is salsa20 that has block size 1, larger initialization
>vectors, and can be used to encrypt disks (although salsa20 doesn't
>currently work with dm-crypt, because it doesn't accept "ecb(), cbc(),
>etc." chaining modes --- but if you remove the chaining mode manually, it
>works).
>
>You should rather add a flag CRYPTO_ALG_CHANGES_STATE to determine that a
>cipher can't be used to encrypt disks.
Just because it will work does not make it a good idea.
SALSA20 is a stream cipher not a block cipher.
Block ciphers are used to encrypt data.
Stream ciphers are used to create one time pads, a set of encryption
keys, ...
There are block modes like CTR which can turn a block cipher into a
stream cipher. Those should not be used for disk encryption as well.
>
>Mikulas
Sebastian
More information about the dm-devel
mailing list