[dm-crypt] Using plain64/plain IV (initialisation vector) in dm-crypt
Christoph Anton Mitterer
christoph.anton.mitterer at physik.uni-muenchen.de
Tue Jul 27 20:58:52 CEST 2010
On Tue, 2010-07-27 at 17:45 +0200, Mario 'BitKoenig' Holbe wrote:
> This depends on your attack model and whether you believe in forensic
> magic. If your attacker cannot snapshot your encrypted data, the size of
> your encrypted disk equals the amount of encrypted data an attacker can
> get. If your attacker can snapshot your encrypted data, you are right.
I usually always expect the worst case,... i.e. that my attackers can
make snapshots... ;) *paranoid*
> Note, that if your attack model doesnt allow your attacker to snapshot
> your encrypted data, you are pretty safe with CBC-ESSIV anyways.
Well I'm rather concerned about XTS (which I use anyway at the
moment)... especially give that there are AFAIU at least two issues
which are not solved by plain64 IV generation...
- The one that you continuously write data and an attacker possibly
- The other thing mentioned here by Milan with the 1TB...
Or was that the same?
> You always have to understand
> what's your goals and what you do.
Well I guess that's impossible for most end users,... (and all people
who wiped ;) their cryptography lectures knowledge)... especially when
it comes to the math behind all that...
Therefore I think we need good FAQ/documentation which teach also the
"end user" what to do in order to get "best possible" security..
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3387 bytes
Desc: not available
More information about the dm-crypt