comments wanted on gbde

Florian Weimer fw at deneb.enyo.de
Sun Mar 13 04:14:56 EST 2005


* Joseph Ashwood:

> Page 5 finally begins the actual information.
> Page 5 "plaintext sector data should be encrypted with one-time-use 
> (pseudo-)random keys" serves no purpose if a strong mode is used.  The only 
> purpose this serves is to slow the system down as additional searches have 
> to be made. This is claimed to provide protection from when AES is broken. 
> It offers nothing except wasted cryptographic and disk overhead.

Even if a more standard approach had been used, you'd need something
quite similar for storing the IVs (or IV equivalents).

It seems as if GBDE doesn't atomically update both the metadata sector
and the data sector in a single transaction.  This means that a power
failure which results in a lost sector has some probability of
destroying much more, including sectors which previously have been
advertised as having reached stable storage.  Of course, such issues
are complex to address and are the main reasons why other schemes (ECB
mode, CBC mode with constant IVs derived from sector numbers) are so
common.
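The failure scope described in the message above, as an added example that is not part of the original post and is not GBDE code. Assumptions: one metadata sector holds the per-write keys for `GROUP` = 4 data sectors, a SHA-256 keystream stands in for the real cipher, and all class and function names are hypothetical.

```python
import hashlib
import os

SECTOR = 32   # toy sector size in bytes (assumption)
GROUP = 4     # data sectors whose keys share one metadata sector (assumption)

def xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHA-256 keystream), not AES; only the failure scope matters here.
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

class RandomKeyDisk:
    """Fresh random key per write, stored in a separate metadata sector."""
    def __init__(self, n):
        self.data = [bytes(SECTOR)] * n
        self.meta = [[bytes(16)] * GROUP for _ in range(-(-n // GROUP))]
    def write(self, lba, plain, crash=False):
        g, slot = divmod(lba, GROUP)
        if crash:  # power fails mid-update: the metadata sector is lost
            self.meta[g] = [os.urandom(16) for _ in range(GROUP)]
            return
        self.meta[g][slot] = os.urandom(16)
        self.data[lba] = xor_stream(self.meta[g][slot], plain)
    def read(self, lba):
        g, slot = divmod(lba, GROUP)
        return xor_stream(self.meta[g][slot], self.data[lba])

class SectorNumberDisk:
    """Fixed key, per-sector input derived from the sector number, no metadata."""
    def __init__(self, n, master):
        self.data, self.master = [bytes(SECTOR)] * n, master
    def _key(self, lba):
        return self.master + lba.to_bytes(8, "big")
    def write(self, lba, plain, crash=False):
        # A crash here can only lose the sector being written.
        self.data[lba] = os.urandom(SECTOR) if crash else xor_stream(self._key(lba), plain)
    def read(self, lba):
        return xor_stream(self._key(lba), self.data[lba])

def damaged_sectors(disk, n=8, victim=1):
    want = {lba: bytes([lba + 1]) * SECTOR for lba in range(n)}
    for lba, plain in want.items():
        disk.write(lba, plain)                      # acknowledged as stable
    disk.write(victim, b"N" * SECTOR, crash=True)   # torn rewrite of one sector
    return [lba for lba in range(n) if disk.read(lba) != want[lba]]

if __name__ == "__main__":
    print(damaged_sectors(RandomKeyDisk(8)), damaged_sectors(SectorNumberDisk(8, b"k" * 16)))
```

With stored keys, one lost metadata sector takes out every data sector in its group, including sectors already acknowledged as stable; with sector-number derivation only the sector being rewritten is lost.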
