Encryption and authentication modes
Matt Ball
matt.ball at ieee.org
Thu Jul 15 14:27:31 EDT 2010
On Thu, Jul 15, 2010 at 9:32 AM, markus reichelt wrote:
>
> * james hughes <hughejp at mac.com> wrote:
>
> > If there is no room for or an integrity field, you can look at
> > XTS-AES.
> > http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf
>
> A not so well-known statement of said PDF certainly is the following,
> especially in light of today's storage device capacities:
>
> "The length of the data unit for any instance of an implementation of
> XTS-AES shall not exceed 2^20 AES blocks."
Remember that a 'data unit' as described in IEEE Std 1619-2007 is
analogous to a hard disk's 'sector' or 'logical block' (which is
usually fixed at 512 or 4096 bytes), so in practice this limitation is
not an issue, since you can just use more sectors to encrypt more of
your data under the same key.
--
Cheers,
Matt Ball
Chair, IEEE P1619 Security in Storage Working Group
Cell: 303-717-2717
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list