[dm-crypt] using a salt for encrypting blocks
octane at alinto.com
Tue Dec 28 09:29:23 CET 2010
En réponse à Arno Wagner <arno at wagner.name> :
> The anzwer is actually no. As changed information has to be
> written to diek, an attacker can allways tell when a sector
> is changed.
My idea is to cipher _all_ blocks by changing the salt.
> This is a fundamental limitation of filesystem
> encryption. The only way around would be to write far more
> on each update,
> with the expected catastrophic impact on
not so much, depending on how much data you cipher.
I use files of less than 100Mbytes and cipher them. On
close, a full recipher wouldn't take long.
> > but an attacker wouldn't be able to gain any information!
> Wrong. The attacker could still detect the changed blocks.
not if I change all of them.
> > Any advice on that, or a reason why the salt is not used for
> > encrypting blocks?
> Because it does not help at all. Salts only help as defense
> against rainbow tables.
In this situation it helps in order to change the ciphered version even if
we don't change the clear.
-We could change the master key: impossible in practice.
-We could change the IV: I don't see how.
Plus, both options can't afford a break (as of power loss) in the
reciphering: which key would be used after?
If we use a salt, we can always decipher, even if a break occurs while
reciphering; at last, only one block could be unreadable.
Envoyé avec Inmano, ma messagerie renversante et gratuite : http://www.inmano.com
More information about the dm-crypt