On Sun, Apr 07, 2013 at 09:03:34PM +0200, Radosław Korzeniewski wrote: > I think it is not possible to properly handle encrypted sparse data blocks > without compromising security. The main data block size is 64kB long, so > encrypted block should be more than 64kB long. Now, if we have a sparse > block then its size is tens of bytes instead of 64kB, so encrypted block > will be at the tens of bytes too not 64kB. So, if we have an encryption > stream with a number of 64kB blocks (block boundary information is > available on volume) and suddenly we will got a short block then for sure > it will be a sparse block (I'm sure sparse block has its own stream > number), then we can predict content. It is not good for security if we can > predict original content. Think about it.
I am no mathematican but I don't really see how sparse blocks compromise security in a real way. All an attacker knows is that a file that claims to be 10G is only 10M, if this really compromises the encryption of the actual content, I'd regard the used algorithm really broken. Regards, Adrian -- LiHAS - Adrian Reyer - Hessenwiesenstraße 10 - D-70565 Stuttgart Fon: +49 (7 11) 78 28 50 90 - Fax: +49 (7 11) 78 28 50 91 Mail: li...@lihas.de - Web: http://lihas.de Linux, Netzwerke, Consulting & Support - USt-ID: DE 227 816 626 Stuttgart ------------------------------------------------------------------------------ Minimize network downtime and maximize team effectiveness. Reduce network management and security costs.Learn how to hire the most talented Cisco Certified professionals. Visit the Employer Resources Portal http://www.cisco.com/web/learning/employer_resources/index.html _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users