Christoph Anton Mitterer <christoph.anton.mitterer@xxxxxxxxxxxxxxxxxxxxxx> wrote:

> http://en.wikipedia.org/wiki/XTS_mode#Issues_with_XTS
> Anybody with some deeper knowledge about it?

No deeper knowledge, but the authors of XTS refer to the separation of keys by the purpose they are used for as good security design practice, as the NIST Key Management Guidelines do as well.

It may or may not provide additional security. This basically depends on what you compare it to. For example: if you would specify a derivation of XTS where one key is used for both AESEnc operations, or where one key is derived from the other using PBKDF2 (or both from a 3rd), you actually would need to prove that there is no bad interference between the two AESEnc operations and PBKDF2. If the math behind it were "bad", it could produce collisions, or shortening, for example. I don't know if somebody ever did this, but if you choose two independent keys, you just circumvent doing the math.

Thus, I think the more important part is: it does not harm security :)

Btw.: please don't confuse the example above with Clemens' proposal in Message-ID: <2f83750a0904160037n4a260b96g266b9d735a745556@xxxxxxxxxxxxxx>
This is different because the keys derived from each other are used mostly independently there (except for block moves).

regards
Mario

--
> As Luke Leighton said once on samba-ntdom, "now, what was that about
> rebooting? that was so long ago, i had to look it up with man -k."

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
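As an added illustration that is not part of the original thread, the following Python sketch implements XTS-AES over one data unit with the two keys the post discusses kept visibly separate (key1 touches only the data blocks, key2 touches only the sector tweak), and cross-checks the result against the XTS mode of the third-party `cryptography` package, which is an assumption of this example rather than anything the thread mentions. The keys, sector number and plaintext are constructed sample values; the tweak layout (little-endian sector number) matches dm-crypt's plain64 IV.

```python
# Added example (not from the original thread): XTS-AES on one data unit,
# written so that the two independent keys the post talks about stay visibly
# separate.  The `cryptography` package is used only for raw AES blocks and
# as a reference XTS implementation to check against.
from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes

def _aes_block(key: bytes, block: bytes, decrypt: bool = False) -> bytes:
    """Single raw AES block operation (ECB on exactly 16 bytes)."""
    c = Cipher(algorithms.AES(key), modes.ECB())
    op = c.decryptor() if decrypt else c.encryptor()
    return op.update(block) + op.finalize()

def _mul_alpha(t: bytes) -> bytes:
    """Multiply the 128-bit tweak by alpha (x) in GF(2^128) in IEEE 1619 byte
    order: byte 0 holds the low-order coefficients, and an overflow out of bit
    127 is reduced with x^128 + x^7 + x^2 + x + 1 (0x87 into byte 0)."""
    v = int.from_bytes(t, "little") << 1
    if v >> 128:
        v ^= 0x87
    return (v & ((1 << 128) - 1)).to_bytes(16, "little")

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def xts_crypt(key1: bytes, key2: bytes, sector: int, data: bytes, decrypt: bool = False) -> bytes:
    """XTS over whole 16-byte blocks (no ciphertext stealing, to keep it short).
    key1 is only ever used on the data blocks; key2 is used exactly once, to
    encrypt the sector tweak (little-endian sector number, like dm-crypt plain64)."""
    if len(data) % 16:
        raise ValueError("data unit must be a multiple of 16 bytes")
    tweak = _aes_block(key2, sector.to_bytes(16, "little"))  # the only use of key2
    out = bytearray()
    for i in range(0, len(data), 16):
        # XEX per block: C_j = E_key1(P_j xor T_j) xor T_j, with T_j = T_0 * alpha^j
        out += _xor(_aes_block(key1, _xor(data[i:i + 16], tweak), decrypt), tweak)
        tweak = _mul_alpha(tweak)
    return bytes(out)

def xts_reference(key1: bytes, key2: bytes, sector: int, data: bytes) -> bytes:
    """Library XTS (key1 || key2 concatenated, as its API expects) for cross-checking."""
    enc = Cipher(algorithms.AES(key1 + key2), modes.XTS(sector.to_bytes(16, "little"))).encryptor()
    return enc.update(data) + enc.finalize()

# Constructed sample values; real keys come from a CSPRNG or the key derivation in use.
KEY1 = bytes(range(16))
KEY2 = bytes(range(16, 32))
PLAINTEXT = b"dm-crypt sector contents, 48 bytes of demo data!"

if __name__ == "__main__":
    ct = xts_crypt(KEY1, KEY2, 7, PLAINTEXT)
    assert ct == xts_reference(KEY1, KEY2, 7, PLAINTEXT)
    assert xts_crypt(KEY1, KEY2, 7, ct, decrypt=True) == PLAINTEXT
    print("hand-rolled XTS matches the library reference:", ct.hex())
```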