On 7/04/2010 8:42 PM, Matija Nalis wrote:
> On Wed, Apr 07, 2010 at 06:52:40PM +0800, Craig Ringer wrote:
>> Bacula currently only uses the AES CBC cypher mode. This cypher can't be
>> effectively parallelized because block n+1 depends on block n.
>>
>> The AES ECB mode was developed to address that limitation. Support for
>
> Actually, ECB was "developed" as it is one of the building blocks for
> CBC (and other schemes). It is not secure at all by itself.
Yeah. I got confused at some point while digging into all this. Thanks
for following up and explicitly pointing it out, as it needs to be on
record with the original post.
At some point I'd got ECB and CTR mode muddled. This is why I should
probably stick to something not even remotely touching on security, or
at least do it when I'm reasonably awake ;-)
> I really think doing pure ECB is a veeery bad way to go, as it lulls
> the user in false sense of security without actually providing security.
Yep. Not as bad as the recent "AES encrypted" USB flash disks that just
used the user's password as a key to AES-128 encrypt/decrypt a session
"key" that they merrily used to xor all the data written to / read from
disk. Still insecure, though, due to known-plaintext attacks.
> I know just enough crypto to know that without knowing waaaaay much
> more I'm likely to make terrible mistakes (and we all still remember
> Debian "fixing" OpenSSL security fiasco, don't we?). Raw ECB sounds
> just like one of those mistakes.
You're quite right.
--
Craig Ringer
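As an added illustration (not part of this thread or of Bacula's code), the Python below shows the two properties the exchange turns on: ECB reveals which plaintext blocks are equal, while CBC and CTR hide that, and CTR can decrypt any block on its own, which is what makes it parallelizable where CBC encryption is not. The block cipher is a toy 4-round Feistel network keyed with HMAC-SHA256, assumed here only so the code runs on the standard library; it is not AES and not secure. The ECB/CBC/CTR mode logic on top of it is the standard construction, and CBC is built by calling the single-block primitive, which is the sense in which ECB is a building block for CBC. Padding is omitted and inputs are block-aligned.

```python
import hashlib
import hmac
import os

BLOCK = 16  # 16-byte blocks, the same block size AES uses


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, i: int, half: bytes) -> bytes:
    # Keyed round function (a PRF), truncated to half a block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    # Toy 4-round Feistel permutation standing in for AES (assumption: NOT a secure cipher).
    assert len(block) == BLOCK
    left, right = block[: BLOCK // 2], block[BLOCK // 2 :]
    for i in range(4):
        left, right = right, _xor(left, _round(key, i, right))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    # Inverse of the Feistel rounds, applied in reverse order.
    assert len(block) == BLOCK
    left, right = block[: BLOCK // 2], block[BLOCK // 2 :]
    for i in reversed(range(4)):
        left, right = _xor(right, _round(key, i, left)), left
    return left + right


def _blocks(data: bytes) -> list:
    assert len(data) % BLOCK == 0, "example omits padding; input must be block-aligned"
    return [data[i : i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, pt: bytes) -> bytes:
    # ECB: every block encrypted independently, so equal plaintext blocks
    # give equal ciphertext blocks and the data's structure shows through.
    return b"".join(toy_encrypt_block(key, b) for b in _blocks(pt))


def cbc_encrypt(key: bytes, iv: bytes, pt: bytes) -> bytes:
    # CBC: block n is XORed with ciphertext block n-1 before encryption,
    # which hides repetition but serialises encryption.
    out, prev = [], iv
    for b in _blocks(pt):
        prev = toy_encrypt_block(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ct: bytes) -> bytes:
    out, prev = [], iv
    for c in _blocks(ct):
        out.append(_xor(toy_decrypt_block(key, c), prev))
        prev = c
    return b"".join(out)


def ctr_keystream_block(key: bytes, nonce: bytes, i: int) -> bytes:
    # CTR keystream block i = E(nonce || counter i); depends only on i.
    return toy_encrypt_block(key, nonce[:8] + i.to_bytes(8, "big"))


def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # CTR encryption and decryption are the same operation.
    return b"".join(
        _xor(b, ctr_keystream_block(key, nonce, i)) for i, b in enumerate(_blocks(data))
    )


def ctr_decrypt_block_at(key: bytes, nonce: bytes, ct: bytes, i: int) -> bytes:
    # Random access: block i needs only counter i, never block i-1.
    return _xor(ct[i * BLOCK : (i + 1) * BLOCK], ctr_keystream_block(key, nonce, i))


def repeated_block_count(ct: bytes) -> int:
    # Number of ciphertext blocks that duplicate an earlier one.
    bs = _blocks(ct)
    return len(bs) - len(set(bs))


def demo() -> dict:
    key, iv, nonce = os.urandom(16), os.urandom(BLOCK), os.urandom(8)
    # Constructed plaintext: three identical blocks followed by one different block.
    pt = b"A" * BLOCK * 3 + b"B" * BLOCK
    ctr_ct = ctr_crypt(key, nonce, pt)
    return {
        "ecb_repeats": repeated_block_count(ecb_encrypt(key, pt)),
        "cbc_repeats": repeated_block_count(cbc_encrypt(key, iv, pt)),
        "ctr_repeats": repeated_block_count(ctr_ct),
        "cbc_roundtrip": cbc_decrypt(key, iv, cbc_encrypt(key, iv, pt)) == pt,
        "ctr_random_access": ctr_decrypt_block_at(key, nonce, ctr_ct, 3) == pt[48:64],
    }


if __name__ == "__main__":
    print(demo())
```

Running it reports two repeated ciphertext blocks under ECB and none under CBC or CTR, and the last block of the CTR ciphertext decrypts correctly without touching the three before it. Real deployments should use AES via a vetted library, and CTR must never reuse a nonce under the same key, which is the same keystream-reuse problem as the XORed "session key" scheme above.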
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users