On Sun, Apr 07, 2013 at 09:03:34PM +0200, Radosław Korzeniewski wrote:
> I think it is not possible to properly handle encrypted sparse data blocks
> without compromising security. The main data block size is 64kB long, so
> encrypted block should be more than 64kB long. Now, if we have a sparse
> block then its size is tens of bytes instead of 64kB, so encrypted block
> will be at the tens of bytes too not 64kB. So, if we have an encryption
> stream with a number of 64kB blocks (block boundary information is
> available on volume) and suddenly we will got a short block then for sure
> it will be a sparse block (I'm sure sparse block has its own stream
> number), then we can predict content. It is not good for security if we can
> predict original content. Think about it.

I am no mathematican but I don't really see how sparse blocks compromise
security in a real way. All an attacker knows is that a file that claims
to be 10G is only 10M, if this really compromises the encryption of the
actual content, I'd regard the used algorithm really broken.

Regards,
        Adrian
-- 
LiHAS - Adrian Reyer - Hessenwiesenstraße 10 - D-70565 Stuttgart
Fon: +49 (7 11) 78 28 50 90 - Fax:  +49 (7 11) 78 28 50 91
Mail: lihas AT lihas DOT de - Web: http://lihas.de
Linux, Netzwerke, Consulting & Support - USt-ID: DE 227 816 626 Stuttgart

------------------------------------------------------------------------------
Minimize network downtime and maximize team effectiveness.
Reduce network management and security costs.Learn how to hire 
the most talented Cisco Certified professionals. Visit the 
Employer Resources Portal
http://www.cisco.com/web/learning/employer_resources/index.html
_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users