[GnuPG-users] identical files -> non-identical encrypted files

Kiss Gabor (Bitman) kissg at ssg.ki.iif.hu
Mon Aug 4 10:18:09 CEST 2008 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> May I quote from the readme of loop-aes:
> 
>   Recommended key setup mode is multi-key-v3, which is based on gpg
>   encrypted key files. In this mode, the passphrase is protected against
>   optimized dictionary attacks via salting and key iteration of
>   gpg. Passphrase length should be 20 characters or more.
> 
> Obviously you are not using this mode and thus you get the same
> ciphertext.

Eeerrr... sorry to say but I think you missed something.

Loop-aes works like this:

1. disk content is encrypted/decrypted on the fly with symmetric
cipher algorithm AES.

2. Disk keys are stored in a gpg encrypted file. Multiple users
may be access to the disk keys, each with own passphrase. That is
based on the well known method: "encrypt content with a random
session key and symmetric cipher then encrypt session key multiple
times for each addressee".
(Actually this does not increase the security because any of
authorized users can extract plain disk keys from the gpg file
so ability to use personal passphrases is just a convenient feature.)

3. Disk keys do not change(!). I can restore a lost key file from an USB
stick a year after generating the encrypted block device then I can mount
it again.

4. Key file and various keys are handled automatically by losetup and
mount commands. 

5. Command 'aespipe' do the same thing as 'loop' kernel module and
losetup/mount do. (Compatibility level is 100%.) Its primary use to
encrypt an existing filesystem _in_place_. (No need to copy the content
from one block device to other. If you are not afraid of power outage. ;-)

Ian!
I suggest to make your own _test_ then tell us what is the result. :)

Moreover in case of any doubt you can contact Jari Ruusu.
Subscribe linux-crypto mailing list.

Regards

Gabor
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Made with pgp4pine 1.76

iD8DBQFIlrtEd2oiOrtquzgRAnFlAKCRlJPYbSG8NeQeM+En+h3EZZwpGwCgpDXK
x9Hlt5aIOy40mhp0wJnH3zY=
=2OeU
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list