Re: [dm-crypt] Cryptographic issues with SSD-technology and wide-block encryption modes

[Milan Broz <gmazyland@gmail.com>]

On 02/06/2013 02:34 PM, Stavros Kousidis wrote:
>> But that said, yes I'm very well aware of this problem and I would
>> like to have at least some analysis what's really going on in todays
>> flash storage devices and how it is related to disk encryption security.
>> So let's try to gather some data first.
> 
> That clarifies some things to me, and yes, I would also like to know what's happening inside those things. Especially since I have seen:
> http://static.usenix.org/events/fast11/tech/full_papers/Wei.pdf

yes, this is nice paper!

Please if anyone here have more such pointers, please post it here!

I am quite interested in research here and there are several interesting
interactions which surely need more coverage.

>> But do not forget one thing - while cryptsetup is always open to support
>> wide range of algorithms, a huge user base is bound by standards which do not
>> allow them to use anything else. That's why XTS is so widely used.
> 
> Ok that sounds reasonable (doable???). What exactly do you mean by a huge user base being bound by standards and to XTS?

I mean users which are required to comply (at least to some extent) to FIPS standards for example.
(Usually government & public sector etc.)
Here, AFAIK, you can use AES and CBC or XTS modes only.
And I am trying to keep default cryptsetup/LUKS modes compatible with these,
but really, that was just note that many people will (or will have to) prefer standard modes
(which get more analysis as well).

Milan