[dm-crypt] using a salt for encrypting blocks
octane at alinto.com
Mon Dec 27 17:10:12 CET 2010
I'm working with dm-crypt.
Basically, we have a key, which I call Master key, which is used to cipher
blocks (or sectors).
This master key is wrapped with another keys, the 8 slots, this is not the
Each block is then ciphered. the cipher mode is CBC, and each block has a
different IV. Today, the ESSIV is used, which means that the IV is derived
by the sector number and a hash of the master key. I'm OK with that.
So, this means that the same block of the same plaintext is ciphered the
same way. So if a file is unchanged, then the ciphered is unchanged.
Which means that an attacker could track the change of the ciphered blocks
and gain some (very little) knowledge, as the size of the document being
added to a encrypted partition.
My question is: can we avoid this? The answer is yes, we just have to use a
For example, for 512byte blocks, we could use 16bytes of salt for each block.
Which means that one block each 32 blocks stores the salt of the other
blocks. This way, it's possible to update all blocks and cipher them. Same
data, cipher is different.
I think we could have
-decrease the size of 'usable' part of disk, 3% is used to store the salt,
which is acceptable.
but an attacker wouldn't be able to gain any information!
Any advice on that, or a reason why the salt is not used for encrypting blocks?
Envoyé avec Inmano, ma messagerie renversante et gratuite : http://www.inmano.com
More information about the dm-crypt