[dm-crypt] Cryptographic issues with SSD-technology and wide-block encryption modes

Milan Broz gmazyland at gmail.com
Wed Feb 6 15:08:00 CET 2013

On 02/06/2013 02:34 PM, Stavros Kousidis wrote:
>> But that said, yes I'm very well aware of this problem and I would
>> like to have at least some analysis what's really going on in todays
>> flash storage devices and how it is related to disk encryption security.
>> So let's try to gather some data first.
> That clarifies some things to me, and yes, I would also like to know what's happening inside those things. Especially since I have seen:
> http://static.usenix.org/events/fast11/tech/full_papers/Wei.pdf

yes, this is nice paper!

Please if anyone here have more such pointers, please post it here!

I am quite interested in research here and there are several interesting
interactions which surely need more coverage.

>> But do not forget one thing - while cryptsetup is always open to support
>> wide range of algorithms, a huge user base is bound by standards which do not
>> allow them to use anything else. That's why XTS is so widely used.
> Ok that sounds reasonable (doable???). What exactly do you mean by a huge user base being bound by standards and to XTS?

I mean users which are required to comply (at least to some extent) to FIPS standards for example.
(Usually government & public sector etc.)
Here, AFAIK, you can use AES and CBC or XTS modes only.
And I am trying to keep default cryptsetup/LUKS modes compatible with these,
but really, that was just note that many people will (or will have to) prefer standard modes
(which get more analysis as well).


More information about the dm-crypt mailing list