On Tue, 2010-07-27 at 17:45 +0200, Mario 'BitKoenig' Holbe wrote: > This depends on your attack model and whether you believe in forensic > magic. If your attacker cannot snapshot your encrypted data, the size of > your encrypted disk equals the amount of encrypted data an attacker can > get. If your attacker can snapshot your encrypted data, you are right. I usually always expect the worst case,... i.e. that my attackers can make snapshots... ;) *paranoid* > Note, that if your attack model doesnt allow your attacker to snapshot > your encrypted data, you are pretty safe with CBC-ESSIV anyways. Well I'm rather concerned about XTS (which I use anyway at the moment)... especially give that there are AFAIU at least two issues which are not solved by plain64 IV generation... - The one that you continuously write data and an attacker possibly snapshots it... - The other thing mentioned here by Milan with the 1TB... Or was that the same? > You always have to understand > what's your goals and what you do. Well I guess that's impossible for most end users,... (and all people who wiped ;) their cryptography lectures knowledge)... especially when it comes to the math behind all that... Therefore I think we need good FAQ/documentation which teach also the "end user" what to do in order to get "best possible" security.. Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
