[dm-crypt] Efficacy of xts over 1TB

Mario 'BitKoenig' Holbe Mario.Holbe at TU-Ilmenau.DE
Tue Jul 27 01:42:01 CEST 2010

Christoph Anton Mitterer <christoph.anton.mitterer at physik.uni-muenchen.de> wrote:
> I've just read some sections of the Standard... D4 and D6... it rather
> seems that really the whole size (of the partition) is meant,... and not

No, no, no, hell, no. They don't mean a size of a partition, or a disk
or whatever. They talk about an amount of data because they mean exactly
that: an amount of data encrypted using the same key.

If you set up dm-crypt with aes-xts-plain on a 500G partition, fill it
up with data, remove everything and fill it up again with other data you
*did* encrypt 1TB of data using the same key despite the fact that your
partition might only be 500G.
Please feel free to re-proceed the exercise with a 250G partition.

Of course, your attacker has to be able to capture a snapshot after the
first fill-up ... probably via some forensic magic - people who believe
in encryption often tend to also still believe in Peter Gutmann :)

If you think technology can solve your problems you don't understand
technology and you don't understand your problems.
                                -- Bruce Schneier
