Hi,
First some explanation. Most cryption algorithms initialize
the cryption process with some init values, called IV (by me :-).
This means that two identical clear messages will give
different encrypted messages, if different IVs are used.
The loop device supports different IVs;
the IVs are initilized with the requested block
number.
I believe a better way is to use the requested
sector number from CURRENT->sector.
Using this value should make the encryption and decryption
process completely independent from the underlying device.
This is especially important when using a backing file.
At the moment (as far as i heard) you can't use a backing
file on a harddisk and then burn it to a CD, because the
blocksize changes. Using sectors as atomic encryption unit
should solve this problem.
There is one drawback: The cryption algorithms have to
know this semantic. At the moment most of the cryption algorithms
use CBC mode to crypt a stream. When sector numbers are
used as IV's the CBC mode has to be restarted periodically
after 512 bytes with an incremented sector number as new IV's.
(Please CC me if you want to comment :-) )
so long
Ingo
PS: Please have a look at the patch. It is against linux-2.4test9.
I already mailed this patch to Alexander Kjeldaas who
maintains the international crypto patch, but I don't know
who maintains the loop device. (I know that it was originally
written by Theodore Ts'o, but is he also the Maintainer ?)
Please include the patch into the main tree...
This archive was generated by hypermail 2b29 : Tue Oct 10 2000 - 10:13:08 EDT