[dm-crypt] using a salt for encrypting blocks

octane indice octane at alinto.com
Tue Dec 28 09:29:23 CET 2010

En réponse à Arno Wagner <arno at wagner.name> :
> The anzwer is actually no. As changed information has to be 
> written to diek, an attacker can allways tell when a sector 
> is changed.

My idea is to cipher _all_ blocks by changing the salt.

> This is a fundamental limitation of filesystem
> encryption. The only way around would be to write far more
> on each update,


> with the expected catastrophic impact on 
> performance.
not so much, depending on how much data you cipher.
I use files of less than 100Mbytes and cipher them. On
close, a full recipher wouldn't take long.
> > but an attacker wouldn't be able to gain any information!
> Wrong. The attacker could still detect the changed blocks.
not if I change all of them.
> > Any advice on that, or a reason why the salt is not used for
> > encrypting blocks?
> Because it does not help at all. Salts only help as defense
> against rainbow tables.
In this situation it helps in order to change the ciphered version even if
we don't change the clear.
-We could change the master key: impossible in practice.
-We could change the IV: I don't see how.
Plus, both options can't afford a break (as of power loss) in the
reciphering: which key would be used after?

If we use a salt, we can always decipher, even if a break occurs while
reciphering; at last, only one block could be unreadable.

> _______________________________________________

Envoyé avec Inmano, ma messagerie renversante et gratuite : http://www.inmano.com

More information about the dm-crypt mailing list