On Mon, Dec 27, 2010 at 05:10:12PM +0100, octane indice wrote: > Hello > > I'm working with dm-crypt. > Basically, we have a key, which I call Master key, which is used to cipher > blocks (or sectors). > This master key is wrapped with another keys, the 8 slots, this is not the > point here. > > Each block is then ciphered. the cipher mode is CBC, and each block has a > different IV. Today, the ESSIV is used, which means that the IV is derived > by the sector number and a hash of the master key. I'm OK with that. > > So, this means that the same block of the same plaintext is ciphered the > same way. So if a file is unchanged, then the ciphered is unchanged. > > Which means that an attacker could track the change of the ciphered blocks > and gain some (very little) knowledge, as the size of the document being > added to a encrypted partition. > > My question is: can we avoid this? The answer is yes, we just have to use a > salt. > For example, for 512byte blocks, we could use 16bytes of salt for each block. The anzwer is actually no. As changed information has to be written to diek, an attacker can allways tell when a sector is changed. This is a fundamental limitation of filesystem encryption. The only way around would be to write far more on each update, with the expected catastrophic impact on performance. > Which means that one block each 32 blocks stores the salt of the other > blocks. This way, it's possible to update all blocks and cipher them. Same > data, cipher is different. > I think we could have > -performance issue, > -decrease the size of 'usable' part of disk, 3% is used to store the salt, > which is acceptable. > > but an attacker wouldn't be able to gain any information! Wrong. The attacker could still detect the changed blocks. > Any advice on that, or a reason why the salt is not used for > encrypting blocks? Because it does not help at all. Salts only help as defense against rainbow tables. Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
