From: Milan Broz
Date: Wed, 06 Feb 2013 15:08:00 +0100
Message-ID: <511263C0.9040700@gmail.com>
References: <51124EBC.50207@gmail.com>
Subject: Re: [dm-crypt] Cryptographic issues with SSD-technology and wide-block encryption modes
To: dm-crypt@saout.de
Cc: Stavros Kousidis

On 02/06/2013 02:34 PM, Stavros Kousidis wrote:
>> But that said, yes I'm very well aware of this problem and I would
>> like to have at least some analysis of what's really going on in today's
>> flash storage devices and how it is related to disk encryption security.
>> So let's try to gather some data first.
>
> That clarifies some things to me, and yes, I would also like to know what's happening inside those things. Especially since I have seen:
> http://static.usenix.org/events/fast11/tech/full_papers/Wei.pdf

Yes, this is a nice paper! If anyone here has more such pointers, please post them here! I am quite interested in research here, and there are several interesting interactions which surely need more coverage.

>> But do not forget one thing - while cryptsetup is always open to support
>> a wide range of algorithms, a huge user base is bound by standards which do not
>> allow them to use anything else. That's why XTS is so widely used.
>
> Ok that sounds reasonable (doable???). What exactly do you mean by a huge user base being bound by standards and to XTS?

I mean users who are required to comply (at least to some extent) with FIPS standards, for example. (Usually government & public sector etc.) Here, AFAIK, you can use AES and CBC or XTS modes only.

And I am trying to keep default cryptsetup/LUKS modes compatible with these, but really, that was just a note that many people will (or will have to) prefer standard modes (which get more analysis as well).

Milan