Security Basics mailing list archives
Re: Disk Encryption: aes-xts-plain vs aes-xts-essiv
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Fri, 22 May 2009 13:55:22 -0430
On Viernes 22 Mayo 2009 09:15:26 phoenixprecedent () gmail com escribió:
I've searched around and I can't seem to find a straight answer. Is ESSIV necessary in conjunction with XTS? dm-crypt/Luks recommends using "plain," but without justification/explanation. I'm no cryptographer, but a little insight would be helpful.
Hi phoenix, im not a master on crypto, but let me say what i think. This is only theory. XTS is a good method itself to protect your information only on sector based mechanisms... this is basically based on the position of this data on the disk, mathematics on this are designed to provide sufficient security, but still experimental.... Unlike XTS, CBC must read the previos cypher block to encrypt the next, and... in CBC (with IV's), if you need to change some data on block 1, then, you will need to recypher subsequent blocks. I dont know well how it works in the real scenario. But taking this statement, to be fast, you will need more frequence of IV's by blocks chains, who will starvate the IV's security (depending on the IV size obviously and entropy)... Im not here comparing CBC with XTS. XTS will be more fast since you can do parallel operations. XTS have some strong design on some attacks... ----------------------------------- But comming to your XTS-ESSIV question... My answer is: _Is not necesary._ ESSIV adds some entropy to prevent same text cyphered on the same way, The XTS does not commonly use ESSIV because the XTS provides another mechanism rather than IV number. This mechanism provides a sufficient security itself. Adding an extra IV layer will add more entropy to prevent this type of attacks (duplicate blocks cyphered with the same way)... but, seriously, it will decrease the performance of XTS adding extra operations without adding much more extra- security.
Thanks, Phoenix ------------------------------------------------------------------------ This list is sponsored by: InfoSec Institute Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. Gain a laser like insight into what is covered on the exam, with zero fluff! http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html ------------------------------------------------------------------------
-- Ing. Aaron G. Mizrachi P. http://www.unmanarc.com Mobil 1: + 58 416-6143543 Mobil 2: + 58 424-2412503
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- Disk Encryption: aes-xts-plain vs aes-xts-essiv phoenixprecedent (May 22)
- Re: Disk Encryption: aes-xts-plain vs aes-xts-essiv jdm (May 22)
- Re: Disk Encryption: aes-xts-plain vs aes-xts-essiv Phoenix Precedent (May 22)
- Re: Disk Encryption: aes-xts-plain vs aes-xts-essiv Aarón Mizrachi (May 25)
- Re: Disk Encryption: aes-xts-plain vs aes-xts-essiv Aarón Mizrachi (May 22)
- Re: Disk Encryption: aes-xts-plain vs aes-xts-essiv jdm (May 22)