[dm-crypt] Using plain64/plain IV (initialisation vector) in dm-crypt

Christoph Anton Mitterer christoph.anton.mitterer at physik.uni-muenchen.de
Tue Jul 27 20:58:52 CEST 2010

On Tue, 2010-07-27 at 17:45 +0200, Mario 'BitKoenig' Holbe wrote:
> This depends on your attack model and whether you believe in forensic
> magic. If your attacker cannot snapshot your encrypted data, the size of
> your encrypted disk equals the amount of encrypted data an attacker can
> get. If your attacker can snapshot your encrypted data, you are right.
I usually always expect the worst case,... i.e. that my attackers can
make snapshots... ;) *paranoid*

> Note, that if your attack model doesnt allow your attacker to snapshot
> your encrypted data, you are pretty safe with CBC-ESSIV anyways.
Well I'm rather concerned about XTS (which I use anyway at the
moment)... especially give that there are AFAIU at least two issues
which are not solved by plain64 IV generation...

- The one that you continuously write data and an attacker possibly
snapshots it...
- The other thing mentioned here by Milan with the 1TB...

Or was that the same?

> You always have to understand
> what's your goals and what you do.
Well I guess that's impossible for most end users,... (and all people
who wiped ;) their cryptography lectures knowledge)... especially when
it comes to the math behind all that...
Therefore I think we need good FAQ/documentation which teach also the
"end user" what to do in order to get "best possible" security..

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3387 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20100727/b030d664/attachment.bin>

More information about the dm-crypt mailing list