FileVault on other than home directories on MacOS?
Ivan Krstić
krstic at solarsail.hcs.harvard.edu
Wed Sep 23 22:30:15 EDT 2009
On Sep 22, 2009, at 5:57 AM, Darren J Moffat wrote:
> There is also a sleep mode issue identified by the NSA
Unlike FileVault whose keys (have to) persist in memory for the
duration of the login session, individual encrypted disk images are
mounted on demand and their keys destroyed from memory on unmount.
> TrueCrypt on the other hand uses AES in XTS mode so you get
> confidentiality and integrity.
XTS certainly doesn't provide cryptographic integrity. It provides
different ciphertext malleability characteristics than CBC, in that
you can only randomize an arbitrary 16-byte block of plaintext instead
of being able to flip an arbitrary bit (and screw up the previous
block). However, this comes with other costs inherent to seekable
narrow-block encryption, so I think it's hard to argue XTS provides
"more" integrity than CBC. Or were you referring to something else?
--
Ivan Krstić <krstic at solarsail.hcs.harvard.edu> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
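The malleability difference described in the message above, as an added example that is not part of the original post: one ciphertext bit is flipped under CBC and under the XEX construction that XTS uses, and both decrypt without any error. A SHA-256 Feistel network stands in for AES so it runs on the standard library alone (an assumption, as are all names and the constructed keys and plaintext); ciphertext stealing is omitted.

```python
import hashlib

BS = 16                                        # block size in bytes, same as AES
PT = bytes(range(64))                          # constructed 4-block plaintext
K1, K2, IV = b"A" * 16, b"B" * 16, bytes(BS)   # constructed keys and IV

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def block(key, blk, decrypt=False):
    # Stand-in block cipher (assumption, not AES): 4-round Feistel over SHA-256.
    l, r = (blk[8:], blk[:8]) if decrypt else (blk[:8], blk[8:])
    for i in (range(3, -1, -1) if decrypt else range(4)):
        l, r = r, xor(l, hashlib.sha256(key + bytes([i]) + r).digest()[:8])
    return r + l if decrypt else l + r

def cbc(key, iv, data, decrypt=False):
    out, prev = [], iv
    for i in range(0, len(data), BS):
        blk = data[i:i + BS]
        if decrypt:
            out.append(xor(block(key, blk, True), prev))
            prev = blk
        else:
            prev = block(key, xor(blk, prev))
            out.append(prev)
    return b"".join(out)

def xts(k1, k2, sector, data, decrypt=False):
    # XEX construction as used by XTS: per-block tweak from the sector number.
    t = int.from_bytes(block(k2, sector.to_bytes(BS, "little")), "little")
    out = []
    for i in range(0, len(data), BS):
        tw = t.to_bytes(BS, "little")
        out.append(xor(block(k1, xor(data[i:i + BS], tw), decrypt), tw))
        t = ((t << 1) & ((1 << 128) - 1)) ^ (0x87 if t >> 127 else 0)  # t * x in GF(2^128)
    return b"".join(out)

def tamper_diff(enc, dec):
    # Flip one bit in ciphertext block 1, decrypt, XOR each block with the original.
    ct = bytearray(enc(PT))
    ct[BS + 3] ^= 0x01
    got = dec(bytes(ct))
    return [xor(got[i:i + BS], PT[i:i + BS]) for i in range(0, len(PT), BS)]

def demo():
    cbc_d = tamper_diff(lambda p: cbc(K1, IV, p), lambda c: cbc(K1, IV, c, True))
    xts_d = tamper_diff(lambda p: xts(K1, K2, 7, p), lambda c: xts(K1, K2, 7, c, True))
    return cbc_d, xts_d
```

`demo()` returns the per-block XOR between the tampered and original plaintext: under CBC block 1 is garbled and block 2 carries exactly the flipped bit, while under XTS only block 1 is garbled.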