Home page logo
/

basics logo Security Basics mailing list archives

Re: Disk Encryption: aes-xts-plain vs aes-xts-essiv
From: Aarón Mizrachi <unmanarc () gmail com>
Date: Fri, 22 May 2009 13:55:22 -0430

On Viernes 22 Mayo 2009 09:15:26 phoenixprecedent () gmail com escribió:
I've searched around and I can't seem to find a straight answer.

Is ESSIV necessary in conjunction with XTS?

dm-crypt/Luks recommends using "plain," but without
justification/explanation.

I'm no cryptographer, but a little insight would be helpful.

Hi phoenix, im not a master on crypto, but let me say what i think.

This is only theory.

XTS is a good method itself to protect your information only on sector based 
mechanisms... this is basically based on the position of this data on the 
disk, mathematics on this are designed to provide sufficient security, but still 
experimental.... 

Unlike XTS, CBC must read the previos cypher block to encrypt the next, and... 
in CBC (with IV's), if you need to change some data on block 1, then, you will 
need to recypher subsequent blocks.

I dont know well how it works in the real scenario. But taking this statement, 
to be fast, you will need more frequence of IV's by blocks chains, who will 
starvate the IV's security (depending on the IV size obviously and entropy)...

Im not here comparing CBC with XTS. XTS will be more fast since you can do 
parallel operations. XTS have some strong design on some attacks...  

-----------------------------------

But comming to your XTS-ESSIV question... 

My answer is: _Is not necesary._

ESSIV adds some entropy to prevent same text cyphered on the same way, The XTS 
does not commonly use ESSIV because the XTS provides another mechanism rather 
than IV number.

This mechanism provides a sufficient security itself. Adding an extra IV layer  
will add more entropy to prevent this type of attacks (duplicate blocks 
cyphered with the same way)... but, seriously, it will decrease the 
performance of XTS adding extra operations without adding much more extra-
security.

Thanks,
Phoenix

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both
Instructor-Led and Online formats is the most concentrated exam prep
available. Comprehensive course materials and an expert instructor means
you pass the exam. Gain a laser like insight into what is covered on the
exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------

-- 
Ing. Aaron G. Mizrachi P.    
http://www.unmanarc.com
Mobil 1: + 58 416-6143543
Mobil 2: + 58 424-2412503

Attachment: signature.asc
Description: This is a digitally signed message part.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]