Security Basics mailing list archives

Re: Disk Encryption: aes-xts-plain vs aes-xts-essiv
From: Phoenix Precedent <phoenixprecedent () gmail com>
Date: Fri, 22 May 2009 20:22:57 +0200

It is my understanding that CBC requires ESSIV to prevent watermarking,
but XTS does not use a predictable IV, and thus does not. I'd just like
confirmation (and possibly light explanation) from someone who knows for
sure 100%.

Thanks for the response. I'll keep you informed when I find a definitive
answer.
-Phoenix

On Fri, 2009-05-22 at 13:17 -0400, jdm wrote:
I'm no cryptographer either, but I believe ESSIV is a protection
against watermarking and known plaintext attacks.  If I recall
correctly, the default state for dm-crypt is insecure since the
default, or at least recommended configuration, is 'plain.'

The downside is probably increased overhead, but I don't know of any
benchmarks for this offhand.

Necessary is a relative term, but in my opinion, watermarking and
known plaintext attacks are big attack vectors.  If you're
implementing full disk encryption, you may as well implement it as
securely as possible.

If I'm wrong on any of the above, please correct me!

HTH,
--j

On Fri, May 22, 2009 at 9:45 AM, <phoenixprecedent () gmail com> wrote:

I've searched around and I can't seem to find a straight answer.

Is ESSIV necessary in conjunction with XTS?

dm-crypt/Luks recommends using "plain," but without justification/explanation.

I'm no cryptographer, but a little insight would be helpful.

Thanks,
Phoenix

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both Instructor-Led and Online formats is the most 
concentrated exam prep available. Comprehensive course materials and an expert instructor means you pass the exam. 
Gain a laser like insight into what is covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------
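
The CBC watermarking concern and the ESSIV countermeasure raised in this thread, as an added example that is not part of the original messages: it encrypts two sectors in CBC mode with a sector-number ("plain") IV and with an ESSIV-style IV, then checks whether a chosen plaintext leaves a repeating ciphertext block on disk. Assumptions: a toy Feistel cipher built from SHA-256 stands in for AES (not secure, used only so the script runs with the standard library), and all function names and sample data are constructed for illustration.

```python
import hashlib

BLOCK = 16  # bytes per cipher block (same size as AES)

def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Round function of the toy Feistel cipher (stand-in for AES, NOT secure).
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:BLOCK // 2]

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, xor(left, _f(key, rnd, right))
    return left + right

def iv_plain(key: bytes, sector: int) -> bytes:
    # "plain": the IV is the 32-bit little-endian sector number, zero padded.
    # It does not depend on the key, so anyone can compute it.
    return sector.to_bytes(4, "little").ljust(BLOCK, b"\0")

def iv_essiv(key: bytes, sector: int) -> bytes:
    # ESSIV: encrypt the sector number under a hash of the volume key,
    # so the IV cannot be computed without the key.
    salt = hashlib.sha256(key).digest()
    return toy_encrypt_block(salt, sector.to_bytes(8, "little").ljust(BLOCK, b"\0"))

def cbc_encrypt_sector(key: bytes, sector: int, data: bytes, iv_fn) -> bytes:
    prev, out = iv_fn(key, sector), b""
    for i in range(0, len(data), BLOCK):
        prev = toy_encrypt_block(key, xor(data[i:i + BLOCK], prev))
        out += prev
    return out

def first_blocks_collide(iv_fn) -> bool:
    # Constructed data: each sector's first plaintext block is a fixed marker
    # XORed with the publicly computable sector-number IV (no key needed).
    key = hashlib.sha256(b"constructed volume key").digest()
    marker = b"M" * BLOCK
    first = []
    for sector in (7, 8):
        data = xor(marker, iv_plain(b"", sector)) + b"\0" * (512 - BLOCK)
        first.append(cbc_encrypt_sector(key, sector, data, iv_fn)[:BLOCK])
    return first[0] == first[1]

if __name__ == "__main__":
    print("plain IV, ciphertext blocks repeat:", first_blocks_collide(iv_plain))
    print("ESSIV,    ciphertext blocks repeat:", first_blocks_collide(iv_essiv))
```

With the sector-number IV the chosen plaintext cancels the IV, so both sectors start with the same ciphertext block; with the key-derived IV the cancellation fails and the blocks differ.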