David Santamaría Rogado <howl.nsp@xxxxxxxxx> wrote: > There is also an issue about the size of the filesystem encrypted with > the support of XTS. This is discussed here: > http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/2008-September/002265.html Yes, Micah refers to D.4.3 in the NIST "Extract from IEEE Std 1619-2007" here: strong security is proven as long as the same key is not used to encrypt >>1TB data. > But in the wikipedia's discussion: > http://en.wikipedia.org/wiki/Talk:Disk_encryption_theory#Issues_with_XTS It seems like this guy didn't read D.4.3, but refers to 5.1. > So, XTS has collision troubles with >500 GB or >1TB of data, or, it's a > misconception and there isn't any issue about this on large > filesystems. It's not exactly collisions, but more like a collision probability, if you want to keep the term. Effectively, its the sucess probability of an attack that increases. Depending on the amount of data you like to encrypt and on your security needs this may or may not be a concern for you. The attack success probability doesn't instantly jump to 1 if you encrypt more than 1TB of data, but increases from not better than 2^-53 for 1TB to about 2^-37 for 1PB to about 2^-17 for 1EB. This may or may not sound less dangerous for you than it really is. Just consider an incremented exponent means a double-up (though, we're talking about very small numbers here). Please also note that depending on your security needs and usage pattern, the term "a key is used to encrypt 1TB of data" is not necessarily equivalent to "a key is used to encrypt a 1TB disk". If you, for example, have a disk where much data is modified often and you expect your attacker to be able to get snapshots of the encrypted disk without your knowledge, your "safe" disk size effectively decreases. regards Mario -- The social dynamics of the net are a direct consequence of the fact that nobody has yet developed a Remote Strangulation Protocol. -- Larry Wall _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
