On 7/04/2010 8:42 PM, Matija Nalis wrote:
> On Wed, Apr 07, 2010 at 06:52:40PM +0800, Craig Ringer wrote:
>> Bacula currently only uses the AES CBC cypher mode. This cypher can't be
>> effectively parallelized because block n+1 depends on block n.
>>
>> The AES ECB mode was developed to address that limitation. Support for
>
> Actually, ECB was "developed" as it is one of the building blocks for
> CBC (and other schemes). It is not secure at all by itself.
Yeah. I got confused at some point while digging into all this. Thanks for
following up and explicitly pointing it out, as it needs to be on record with
the original post. At some point I'd got ECB and CTR mode muddled. This is why
I should probably stick to something not even remotely touching on security,
or at least do it when I'm reasonably awake ;-)

> I really think doing pure ECB is a veeery bad way to go, as it lulls
> the user in false sense of security without actually providing security.

Yep. Not as bad as the recent "AES encrypted" USB flash disks that just used
the user's password as a key to AES-128 encrypt/decrypt a session "key" that
they merrily used to xor all the data written to / read from disk. Still
insecure, though, due to known-plaintext attacks.

> I know just enough crypto to know that without knowing waaaaay much
> more I'm likely to make terrible mistakes (and we all still remember
> Debian "fixing" OpenSSL security fiasco, don't we?). Raw ECB sounds
> just like one of those mistakes.

You're quite right.

--
Craig Ringer

_______________________________________________
Bacula-users mailing list
Bacula-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bacula-users
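The three mode properties the thread turns on, shown in an added example that is not code from this list or from Bacula: ECB leaks which plaintext blocks are equal, CBC hides that but must encrypt sequentially, and CTR (the mode the reply says got muddled with ECB) hides it while letting any block be computed on its own. Only Go's standard library is used; the key, IV and repeated-block plaintext are constructed demo values, and `ctrBlockAt` assumes the big-endian 128-bit counter increment that `crypto/cipher`'s CTR uses.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Constructed demo values: a fixed key and IV so the run is reproducible.
// Real systems derive keys properly and never reuse an IV under one key.
var demoKey = []byte("0123456789abcdef0123456789abcdef") // 32 bytes: AES-256
var demoIV = []byte("fixed-iv-16bytes")                  // 16 bytes: one block

const blockSize = aes.BlockSize // 16

// demoPlaintext is eight identical blocks, the kind of structure a backup
// stream full of zero pages or repeated headers would present.
func demoPlaintext() []byte {
	return bytes.Repeat([]byte("SAME BLOCK TEXT!"), 8)
}

func newDemoBlock() cipher.Block {
	b, err := aes.NewCipher(demoKey)
	if err != nil {
		panic(err)
	}
	return b
}

// ecbEncrypt runs the raw block cipher over each block independently.
// crypto/cipher ships no ECB mode on purpose; it is written out here only
// to show why: equal plaintext blocks give equal ciphertext blocks.
func ecbEncrypt(block cipher.Block, pt []byte) []byte {
	ct := make([]byte, len(pt))
	for i := 0; i+blockSize <= len(pt); i += blockSize {
		block.Encrypt(ct[i:i+blockSize], pt[i:i+blockSize])
	}
	return ct
}

// cbcEncrypt chains each block through the previous ciphertext block: it
// hides repetition but forces sequential encryption (the original complaint).
func cbcEncrypt(block cipher.Block, iv, pt []byte) []byte {
	ct := make([]byte, len(pt))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, pt)
	return ct
}

// ctrEncrypt xors the plaintext with E(IV+n) for block n.
func ctrEncrypt(block cipher.Block, iv, pt []byte) []byte {
	ct := make([]byte, len(pt))
	cipher.NewCTR(block, iv).XORKeyStream(ct, pt)
	return ct
}

// ctrBlockAt computes ciphertext block n in isolation: counter = IV + n as a
// 128-bit big-endian integer (Go's CTR convention), encrypted, then xored
// with plaintext block n. Nothing from blocks 0..n-1 is needed, which is
// exactly what makes CTR parallelisable where CBC encryption is not.
func ctrBlockAt(block cipher.Block, iv, pt []byte, n int) []byte {
	hi := binary.BigEndian.Uint64(iv[:8])
	lo := binary.BigEndian.Uint64(iv[8:])
	newLo := lo + uint64(n)
	if newLo < lo { // carry into the high half
		hi++
	}
	counter := make([]byte, blockSize)
	binary.BigEndian.PutUint64(counter[:8], hi)
	binary.BigEndian.PutUint64(counter[8:], newLo)

	keystream := make([]byte, blockSize)
	block.Encrypt(keystream, counter)
	out := make([]byte, blockSize)
	for i := range out {
		out[i] = pt[n*blockSize+i] ^ keystream[i]
	}
	return out
}

// distinctBlocks counts different ciphertext blocks; with our all-identical
// plaintext, a result of 1 means the mode leaks block equality.
func distinctBlocks(ct []byte) int {
	seen := make(map[string]bool)
	for i := 0; i+blockSize <= len(ct); i += blockSize {
		seen[string(ct[i:i+blockSize])] = true
	}
	return len(seen)
}

func main() {
	block := newDemoBlock()
	pt := demoPlaintext()
	fmt.Println("distinct ECB blocks:", distinctBlocks(ecbEncrypt(block, pt)))        // 1
	fmt.Println("distinct CBC blocks:", distinctBlocks(cbcEncrypt(block, demoIV, pt))) // 8
	ctr := ctrEncrypt(block, demoIV, pt)
	fmt.Println("distinct CTR blocks:", distinctBlocks(ctr)) // 8
	// Block 5 computed alone equals block 5 of the sequential CTR output.
	fmt.Println("CTR block 5 independent:",
		bytes.Equal(ctrBlockAt(block, demoIV, pt, 5), ctr[5*blockSize:6*blockSize])) // true
}
```

The `distinctBlocks` count is the whole ECB problem in one number: an observer of the backup volume learns where identical blocks sit without any key material. CTR gets the parallelism the original post wanted without that leak, at the price that the IV/counter must never repeat under the same key, which is the same discipline the "xor with one fixed pad" USB disks in the reply failed at.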