From: Arno Wagner <arno@wagner.name>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Efficacy of xts over 1TB
Date: Tue, 27 Jul 2010 12:21:08 +0200
Message-ID: <20100727102108.GA2373@tansi.org>
In-Reply-To: <slrni4s7ac.lr8.Mario.Holbe@darkside.dyn.samba-tng.org>

On Tue, Jul 27, 2010 at 01:42:01AM +0200, Mario 'BitKoenig' Holbe wrote:
> Christoph Anton Mitterer <christoph.anton.mitterer@physik.uni-muenchen.de> wrote:
> > I've just read some sections of the Standard... D4 and D6... it rather
> > seems that really the whole size (of the partition) is meant,... and not
>
> No, no, no, hell, no. They don't mean a size of a partition, or a disk
> or whatever. They talk about an amount of data because they mean exactly
> that: an amount of data encrypted using the same key.
>
> If you set up dm-crypt with aes-xts-plain on a 500G partition, fill it
> up with data, remove everything and fill it up again with other data you
> *did* encrypt 1TB of data using the same key despite the fact that your
> partition might only be 500G.
> Please feel free to re-proceed the exercise with a 250G partition.
>
> Of course, your attacker has to be able to capture a snapshot after the
> first fill-up ...

And that is the real limit in practice. This is more relevant for,
e.g., encrypting tape backups or other backups where a number
of generations is kept. If I understand this correctly, the
actual data exposure if you encrypt in the order of 2^(n/2)
bits, with n your block length, is very small, namely two blocks.
But I would need to check to be sure.

> probably via some forensic magic - people who believe
> in encryption often tend to also still believe in Peter Gutmann :)

Here I highly recommend the Epilogue, where Gutmann puts that into
perspective for modern drives: "...it's unlikely that anything
can be recovered from any recent drive except perhaps a single
level via basic error-cancelling techniques...". Also note that
nobody claims to successfully have done that and all major data
recovery outfits claim they cannot recover anything after a single
overwrite with zeros on modern drives. Also note that tape is very
different and Gutmann still applies there. (Original paper with
updates: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html)

> regards
> Mario
> --
> If you think technology can solve your problems you don't understand
> technology and you don't understand your problems.
> -- Bruce Schneier
Nice quote!
Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier