AES-CBC + Elephant diffuser
Darren J Moffat
Darren.Moffat at Sun.COM
Thu Oct 29 09:59:35 EDT 2009
Eugen Leitl wrote:
> "We discuss why no existing cipher satisfies the requirements of this
> application". Uh-oh.
>
> http://www.microsoft.com/downloads/details.aspx?FamilyID=131dae03-39ae-48be-a8d6-8b0034c92555&DisplayLang=en
>
> AES-CBC + Elephant diffuser
>
> Brief Description
>
> A Disk Encryption Algorithm for Windows Vista
^^^^^^^^^^^^^^^
That is the key issue here: it is a disk encryption algorithm
independent of the filesystem that sits above it.
If instead you put the encryption directly into the filesystem, rather
than below it, then the restrictions of sector size that mean you can't
easily use a MAC go away.
This is exactly what we have done for ZFS, we do use a MAC (the one from
CCM or GCM modes) as well as a SHA256 hash of the ciphertext (used for
resilvering operations in RAID), and they are stored in the block
pointers (not the data blocks) forming a Merkle tree. We also have a
place to store an IV. So every encrypted ZFS block is self-contained,
has an IV and a 16 byte MAC. This means that the crypto is all
standards-based algorithms and modes for ZFS.
http://hub.opensolaris.org/bin/view/Project+zfs-crypto/
--
Darren J Moffat
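As an added illustration of the layout Darren describes (this is not ZFS code or code from the post), the Go sketch below seals a filesystem block with AES-GCM and keeps the IV, the 16-byte tag and a SHA-256 of the ciphertext in a block-pointer structure outside the data block; on read, the keyless checksum is verified before the keyed MAC. The key, IV and block contents are constructed demo values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"fmt"
)

// BlockPointer models what ZFS keeps outside the data block: the IV, the
// 16-byte GCM tag, and the SHA-256 of the ciphertext used when resilvering.
type BlockPointer struct {
	IV    [12]byte
	MAC   [16]byte
	Cksum [32]byte
}

func newGCM(key []byte) cipher.AEAD {
	blk, err := aes.NewCipher(key) // fails only on a bad key length
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(blk) // 12-byte nonce, 16-byte tag; cannot fail for AES
	return gcm
}

// encryptBlock seals one block; the IV must never repeat under the same key.
func encryptBlock(key []byte, iv [12]byte, pt []byte) (BlockPointer, []byte) {
	sealed := newGCM(key).Seal(nil, iv[:], pt, nil)
	ct := sealed[:len(pt)]
	bp := BlockPointer{IV: iv, Cksum: sha256.Sum256(ct)}
	copy(bp.MAC[:], sealed[len(pt):])
	return bp, ct
}

// decryptBlock checks the keyless checksum first (damage can be repaired from
// another copy), then authenticates and decrypts; a bad MAC fails closed.
func decryptBlock(key []byte, bp BlockPointer, ct []byte) ([]byte, error) {
	if sha256.Sum256(ct) != bp.Cksum {
		return nil, fmt.Errorf("ciphertext checksum mismatch")
	}
	sealed := append(append([]byte{}, ct...), bp.MAC[:]...)
	return newGCM(key).Open(nil, bp.IV[:], sealed, nil)
}

func main() {
	key := make([]byte, 32) // constructed all-zero demo key, not for real data
	bp, ct := encryptBlock(key, [12]byte{11: 7}, []byte("constructed ZFS block"))
	ct[0] ^= 1 // simulate on-disk corruption of the ciphertext
	fmt.Println(decryptBlock(key, bp, ct))
}
```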
---------------------------------------------------------------------
The Cryptography Mailing List