Hi,

this is really a crypto block-cipher question, and the question is "what about known-plaintext attacks?".

The thing is that a cipher where known plaintext/ciphertext pairs (not just parity, but the one where you have all bits of the plaintext and all bits of ciphertext and that possibly for a large but practical amount of data) do compromise your key or further encryptions with the same key, is considered broken by today's crypto standards.

So, yes, all you cite may make an attack easier, but for a non-broken block-cipher, it must still be far, far out of reach and hence is not an issue.

Or to put it short: Not a concern. Or if it is a concern, your cipher is broken and you should instead switch to an unbroken cipher.

Arno

On Sat, Jun 07, 2014 at 02:48:32 CEST, Christoph Anton Mitterer wrote:
> Hey.
>
> Perhaps, the following should go to the FAQ as well...
>
> I'm using dm-crypt with aes-xts-plain64 and wondered whether it has any
> security implications on whether it is used
> - above MD RAID (i.e. multiple devices, forming a single block device
>   via MD/mdadm, on which dm-crypt/LUKS is used)...
> - below MD RAID or e.g. btrfs/ZFS RAID (i.e. multiple devices, each with
>   its own dm-crypt/LUKS, either with the same or different master keys,
>   and on top of the opened devices a RAID formed by MD/mdadm or btrfs/ZFS).
>
>
> I wondered that because RAID (and especially that of MD, where the
> layout of blocks is far more deterministic than with btrfs/ZFS RAID)
> always has some fixed (and known) structure... where it is e.g. known
> where blocks and corresponding parity blocks (in RAID5/6 or similar
> levels) ... or at least how adjacent blocks are striped over devices
> (RAID 1, 10 and similar).
>
> I mean especially with btrfs/ZFS the only choice is to have dm-crypt
> below the RAID... while in a "traditional" MD/dmcrypt/ext4 setup I'd
> usually have placed MD at the lowest level, and dm-crypt just above
> it... with LVM, ext4/xfs/etc. above.
>
>
> So are there any known ways to exploit this in crypto analysis,
> especially statistical attacks, that are e.g. only possible if dmcrypt
> is below the RAID (or vice versa)? Or that become possible, if all the
> underlying dm-crypt devices of a RAID would be configured to use the
> same master key?
>
> Or is this mitigated by XTS? And what about the other block cipher
> modes?
>
>
> Cheers,
> Chris.

> _______________________________________________
> dm-crypt mailing list
> dm-crypt@xxxxxxxx
> http://www.saout.de/mailman/listinfo/dm-crypt

--
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@xxxxxxxxxxx
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
A good decision is based on knowledge and not on numbers. - Plato