From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from tansi.org (ns.km10532-04.keymachine.de [87.118.102.195]) by mail.saout.de (Postfix) with ESMTP for ; Tue, 27 Jul 2010 12:21:10 +0200 (CEST) Received: from gatewagner.dyndns.org (84-74-164-239.dclient.hispeed.ch [84.74.164.239]) by tansi.org (Postfix) with ESMTPA id B06B6121831E for ; Tue, 27 Jul 2010 12:21:09 +0200 (CEST) Date: Tue, 27 Jul 2010 12:21:08 +0200 From: Arno Wagner Message-ID: <20100727102108.GA2373@tansi.org> References: <20100726210741.GC24052@tansi.org> <1280180557.3266.136.camel@fermat.scientia.net> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: Subject: Re: [dm-crypt] Efficacy of xts over 1TB List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On Tue, Jul 27, 2010 at 01:42:01AM +0200, Mario 'BitKoenig' Holbe wrote: > Christoph Anton Mitterer wrote: > > I've just read some sections of the Standard... D4 and D6... it rather > > seems that really the whole size (of the partition) is meant,... and not > > No, no, no, hell, no. They don't mean a size of a partition, or a disk > or whatever. They talk about an amount of data because they mean exactly > that: an amount of data encrypted using the same key. > > If you set up dm-crypt with aes-xts-plain on a 500G partition, fill it > up with data, remove everything and fill it up again with other data you > *did* encrypt 1TB of data using the same key despite the fact that your > partition might only be 500G. > Please feel free to re-proceed the exercise with a 250G partition. > > Of course, your attacker has to be able to capture a snapshot after the > first fill-up ... And that is the real limit in practice. This is more relevant for, e.g., encrypting tape backups or other backups were a number of generations is kept. If I understand this correctly, the actual data exposure if you encrypt in the order of 2^(n/2) bits, with n your block lenght, is very small, namely two blocks. But I would need to check to be sure. > probably via some forensic magic - people who believe > in encryption often tend to also still believe in Peter Gutmann :) Here I highly recomment the Epilogue, were Gutmann puts that into perspective for modern drives: "...it's unlikely that anything can be recovered from any recent drive except perhaps a single level via basic error-cancelling techniques...". Also note that nobody claims to sucessfully have done that and all major data recovery outfits claim they cannot recover anything after a single overwerwrite with zeros on modern drives. Also note that tape is very different and Gutmann still applies there. (Original paper with updates: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html) > regards > Mario > -- > If you think technology can solve your problems you don't understand > technology and you don't understand your problems. > -- Bruce Schneier Nice quote! Arno -- Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F ---- Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans If it's in the news, don't worry about it. The very definition of "news" is "something that hardly ever happens." -- Bruce Schneier