Christoph Anton Mitterer <christoph.anton.mitterer@xxxxxxxxxxxxxxxxxxxxxx> wrote:
> I've just read some sections of the Standard... D4 and D6... it rather
> seems that really the whole size (of the partition) is meant,... and not
No, no, no, hell, no. They don't mean a size of a partition, or a disk
or whatever. They talk about an amount of data because they mean exactly
that: an amount of data encrypted using the same key.
If you set up dm-crypt with aes-xts-plain on a 500G partition, fill it
up with data, remove everything and fill it up again with other data you
*did* encrypt 1TB of data using the same key despite the fact that your
partition might only be 500G.
Please feel free to re-proceed the exercise with a 250G partition.
Of course, your attacker has to be able to capture a snapshot after the
first fill-up ... probably via some forensic magic - people who believe
in encryption often tend to also still believe in Peter Gutmann :)
regards
Mario
--
If you think technology can solve your problems you don't understand
technology and you don't understand your problems.
-- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
