[dm-crypt] Efficacy of xts over 1TB
arno at wagner.name
Tue Jul 27 12:21:08 CEST 2010
On Tue, Jul 27, 2010 at 01:42:01AM +0200, Mario 'BitKoenig' Holbe wrote:
> Christoph Anton Mitterer <christoph.anton.mitterer at physik.uni-muenchen.de> wrote:
> > I've just read some sections of the Standard... D4 and D6... it rather
> > seems that really the whole size (of the partition) is meant,... and not
> No, no, no, hell, no. They don't mean a size of a partition, or a disk
> or whatever. They talk about an amount of data because they mean exactly
> that: an amount of data encrypted using the same key.
> If you set up dm-crypt with aes-xts-plain on a 500G partition, fill it
> up with data, remove everything and fill it up again with other data you
> *did* encrypt 1TB of data using the same key despite the fact that your
> partition might only be 500G.
> Please feel free to re-proceed the exercise with a 250G partition.
> Of course, your attacker has to be able to capture a snapshot after the
> first fill-up ...
And that is the real limit in practice. This is more relevant for,
e.g., encrypting tape backups or other backups were a number
of generations is kept. If I understand this correctly, the
actual data exposure if you encrypt in the order of 2^(n/2)
bits, with n your block lenght, is very small, namely two blocks.
But I would need to check to be sure.
> probably via some forensic magic - people who believe
> in encryption often tend to also still believe in Peter Gutmann :)
Here I highly recomment the Epilogue, were Gutmann puts that into
perspective for modern drives: "...it's unlikely that anything
can be recovered from any recent drive except perhaps a single
level via basic error-cancelling techniques...". Also note that
nobody claims to sucessfully have done that and all major data
recovery outfits claim they cannot recover anything after a single
overwerwrite with zeros on modern drives. Also note that tape is very
different and Gutmann still applies there. (Original paper with
> If you think technology can solve your problems you don't understand
> technology and you don't understand your problems.
> -- Bruce Schneier
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt