FileVault on other than home directories on MacOS?
Darren J Moffat
Darren.Moffat at Sun.COM
Fri Sep 25 05:13:33 EDT 2009
james hughes wrote:
>> TrueCrypt on the other hand uses AES in XTS mode so you get
>> confidentiality and integrity.
>
> Technically, you do not get integrity. With XTS (P1619, narrow block
> tweaked cipher) you are not notified of data integrity failures, but
> these data integrity failures have a much reduced usability than CBC.
> With XTS:
[snip]
> If you change this to ZFS Crypto
> http://opensolaris.org/os/project/zfs-crypto/
> You get complete integrity detection with the only remaining
> vulnerability that
For those not familiar this is because Jim and I choose to use CCM/GCM
with AES. ZFS is already using a copy-on-write validated merkle tree.
The 16 byte tag/MAC from CCM/GCM is stored in the block pointer above
forming a merkle tree. Each encrypted block in ZFS has its own IV. ZFS
"disk" blocks are variable size from 512 bytes to (currently) 128k.
> 1) you can return the entire disk to a previous state.
>
> While I may have put you all asleep, the basic premise holds... XTS is
> better than unauthenticated CBC.
Which is really what I was trying to say and over stated that XTS
provides integrity. When really what it does is as you said, provides a
better protection for certain classes of ciphertext modification than
just using CBC.
--
Darren J Moffat
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list