
registry team mailing list archive

[Bug 244480] Re: support AES-XTS mode

 

Don't know why you mention the random all before, as it is irrelevant for
this "issue"; the entire partition should be random filled with all cipher
blocks.

No, it is not an XTS-unique problem, but it is not a problem of using AES;
the problem is in "all XOR-Encryption(XE)-based tweakable block cipher" like
XTS.

I opened a thread on the dm-crypt mailing list for this,
http://www.saout.de/pipermail/dm-crypt/2010-July/001042.html, and be sure
it is the best place to talk about this. I think in all the other places
where I have exposed the topic nobody just knows; in some of them no answer
at all, in others just FUD.

For example, all the people talk about disk size; if someone talks about
it, just run, he/she has no idea. The issue is just the amount of data:
even with a 500 GB disk, if you read/write a lot on it and "your
attacker" can snapshot your drive, he/she can obtain more than 500 GB in
some days. So, in this example, a 1TB disk where you just fill it but
don't regularly change its contents is safer.

So, don't be fooled: even with several TBs your personal data will be
secure (note that if you have >=2 TB you should use the plain64 IV instead
of plain; plain64 is only available in kernel >=2.6.35, so lucid doesn't
have it), and if you are a very big corporation that can have another
corporation with a lot of processing resources as an attacker, you
shouldn't be asking here; just hire an expert.

-- 
support AES-XTS mode
https://bugs.launchpad.net/bugs/244480
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Debian.
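
Added example, not part of the original message: a sketch of why the message recommends plain64 at 2 TB and above. It assumes 512-byte sectors and dm-crypt's documented IV definitions (plain is the low 32 bits of the sector number, plain64 the full 64 bits, both little-endian and zero-padded); the function names are hypothetical. Two sectors that share an IV are encrypted with the same XTS tweak, so equal plaintext at the same offset in both produces equal ciphertext.

```python
import struct

SECTOR_SIZE = 512  # assumption: 512-byte sectors
IV_LEN = 16        # AES block size, which is also the XTS tweak length


def iv_plain(sector):
    """'plain' IV: low 32 bits of the sector number, little-endian, zero-padded."""
    return struct.pack("<I", sector & 0xFFFFFFFF).ljust(IV_LEN, b"\x00")


def iv_plain64(sector):
    """'plain64' IV: full 64-bit sector number, little-endian, zero-padded."""
    return struct.pack("<Q", sector).ljust(IV_LEN, b"\x00")


def plain_wrap_bytes():
    """Device size beyond which 'plain' IVs repeat (2**32 sectors)."""
    return (1 << 32) * SECTOR_SIZE


def sectors_sharing_iv(sector, device_bytes, iv_func):
    """Other sectors on a device of this size that get the same IV as `sector`."""
    total = device_bytes // SECTOR_SIZE
    target = iv_func(sector)
    # Only sectors congruent modulo 2**32 can collide, so step instead of scanning.
    candidates = range(sector % (1 << 32), total, 1 << 32)
    return [s for s in candidates if s != sector and iv_func(s) == target]


def recommended_iv(device_bytes):
    """The message's rule of thumb: plain64 for devices of 2 TB and above."""
    return "plain64" if device_bytes >= plain_wrap_bytes() else "plain"


if __name__ == "__main__":
    three_tib = 3 * 1024**4  # constructed sample device size
    print("plain wraps at", plain_wrap_bytes(), "bytes")
    print("plain   collisions for sector 5:", sectors_sharing_iv(5, three_tib, iv_plain))
    print("plain64 collisions for sector 5:", sectors_sharing_iv(5, three_tib, iv_plain64))
    print("recommended IV:", recommended_iv(three_tib))
```
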