Package: cryptsetup
Version: 20050111-3

Cryptsetup with the default parameters is vulnerable to a watermark attack 
(just like cryptoloop). See
http://mareichelt.de/pub/notmine/diskenc.pdf for details.

This attack can be avoided by using the IV generation mode "ESSIV", which is 
supported from Kernel 2.6.10 onwards.

This is documented in the current version of the dm-crypt README at
http://www.saout.de/misc/dm-crypt/
(search for "watermark").

A similar comment should be added to the (otherwise excellent) 
CryptoRoot.HowTo, warning users that the default parameters are vulnerable to 
the attack. I propose the following wording:

Change

# Edit /etc/crypttab and add the following line
# Replace /dev/hda4 with your backing device (lvm is ok, as is raid)
root    /dev/hda4

to

# Edit /etc/crypttab and add the following line
# Replace /dev/hda4 with your backing device (lvm is ok, as is raid)
root    /dev/hda4    none    cipher=aes-cbc-essiv:sha256
# Note: Specifying this cipher and IV generation mode through the "cipher="
# parameter avoids the watermark attack mentioned in README.html. However,
# unlike the default parameters, it creates an encrypted partition that is
# incompatible with the old cryptoloop implementation. If that matters to
# you, omit the cipher specification (and live with the watermark attack).

(Note: Didn't test this line, as I do not have a kernel with dm-crypt handy, 
but it should work. Maybe you can run a quick test.)




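One way to check an existing /etc/crypttab for the entries this report warns about, as an added example that is not part of the original message or of cryptsetup. It assumes the report's premise that an entry without a cipher= option gets the vulnerable default, and it treats a bare cipher name as CBC with the plain IV; the sample entries and the function names are constructed for illustration.

```python
# Constructed sample in the crypttab layout shown in the report
# (target, backing device, key file, options); not from a real system.
SAMPLE_CRYPTTAB = """\
# <target> <backing device> <key file> <options>
root    /dev/hda4
home    /dev/hda5    none            cipher=aes-cbc-essiv:sha256
swap    /dev/hda6    /dev/urandom    swap,cipher=aes-cbc-plain
data    /dev/hda7    none            cipher=aes,size=256
"""

def classify_cipher(spec):
    """Classify a dm-crypt spec of the form cipher[-chainmode[-ivmode[:ivopts]]]."""
    if spec is None:
        # Premise from the report: the default parameters are vulnerable.
        return "FLAG", "no cipher= option, default parameters apply"
    modes, _, _ivopts = spec.partition(":")
    parts = modes.split("-", 2) + [None, None]
    chain, iv = parts[1], parts[2]
    if chain is None:
        # Assumption: a bare cipher name is read as cbc with the plain IV.
        chain, iv = "cbc", "plain"
    if chain != "cbc":
        return "SKIP", f"chain mode {chain} is outside the scope of this check"
    if iv == "essiv":
        return "OK", "cbc with ESSIV"
    return "FLAG", f"cbc with IV mode {iv or 'unset'}, not essiv"

def audit_crypttab(text):
    """Return (target, status, reason) for every mapping in crypttab text."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed entry: no backing device
        options = fields[3].split(",") if len(fields) > 3 else []
        spec = next((o.split("=", 1)[1] for o in options
                     if o.startswith("cipher=")), None)
        findings.append((fields[0],) + classify_cipher(spec))
    return findings

if __name__ == "__main__":
    for target, status, reason in audit_crypttab(SAMPLE_CRYPTTAB):
        print(f"{status:5} {target:6} {reason}")
```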