[dm-crypt] Efficacy of xts over 1TB

Arno Wagner arno at wagner.name
Tue Jul 27 12:21:08 CEST 2010

On Tue, Jul 27, 2010 at 01:42:01AM +0200, Mario 'BitKoenig' Holbe wrote:
> Christoph Anton Mitterer <christoph.anton.mitterer at physik.uni-muenchen.de> wrote:
> > I've just read some sections of the Standard... D4 and D6... it rather
> > seems that really the whole size (of the partition) is meant,... and not
> No, no, no, hell, no. They don't mean a size of a partition, or a disk
> or whatever. They talk about an amount of data because they mean exactly
> that: an amount of data encrypted using the same key.
> If you set up dm-crypt with aes-xts-plain on a 500G partition, fill it
> up with data, remove everything and fill it up again with other data you
> *did* encrypt 1TB of data using the same key despite the fact that your
> partition might only be 500G.
> Please feel free to re-proceed the exercise with a 250G partition.
> Of course, your attacker has to be able to capture a snapshot after the
> first fill-up ... 

And that is the real limit in practice. This is more relevant for,
e.g., encrypting tape backups or other backups were a number
of generations is kept. If I understand this correctly, the
actual data exposure if you encrypt in the order of 2^(n/2)
bits, with n your block lenght, is very small, namely two blocks. 
But I would need to check to be sure.

> probably via some forensic magic - people who believe
> in encryption often tend to also still believe in Peter Gutmann :)

Here I highly recomment the Epilogue, were Gutmann puts that into 
perspective for modern drives: "...it's unlikely that anything 
can be recovered from any recent drive except perhaps a single 
level via basic error-cancelling techniques...". Also note that 
nobody claims to sucessfully have done that and all major data
recovery outfits claim they cannot recover anything after a single
overwerwrite with zeros on modern drives. Also note that tape is very
different and Gutmann still applies there. (Original paper with
updates: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html)
> regards
>    Mario
> -- 
> If you think technology can solve your problems you don't understand
> technology and you don't understand your problems.
>                                 -- Bruce Schneier

Nice quote! 

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

More information about the dm-crypt mailing list