Re: Using plain64/plain IV (initialisation vector) in dm-crypt

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2010-07-27 at 17:45 +0200, Mario 'BitKoenig' Holbe wrote:
> This depends on your attack model and whether you believe in forensic
> magic. If your attacker cannot snapshot your encrypted data, the size of
> your encrypted disk equals the amount of encrypted data an attacker can
> get. If your attacker can snapshot your encrypted data, you are right.
I usually always expect the worst case,... i.e. that my attackers can
make snapshots... ;) *paranoid*


> Note, that if your attack model doesnt allow your attacker to snapshot
> your encrypted data, you are pretty safe with CBC-ESSIV anyways.
Well I'm rather concerned about XTS (which I use anyway at the
moment)... especially give that there are AFAIU at least two issues
which are not solved by plain64 IV generation...

- The one that you continuously write data and an attacker possibly
snapshots it...
- The other thing mentioned here by Milan with the 1TB...

Or was that the same?


> You always have to understand
> what's your goals and what you do.
Well I guess that's impossible for most end users,... (and all people
who wiped ;) their cryptography lectures knowledge)... especially when
it comes to the math behind all that...
Therefore I think we need good FAQ/documentation which teach also the
"end user" what to do in order to get "best possible" security..



Cheers,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt

[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux