[Cryptography] mode of operation for file encryption

Steve Weis steveweis at gmail.com
Tue Sep 1 18:01:52 EDT 2015

On Tue, Sep 1, 2015 at 8:50 AM,  <matic at nimp.co.uk> wrote:
> I need an operation mode for AES with the following properties:
> ...
> So far the best thing I can think of is a kind of extended ECB which I would
> call "ECB with xor" or ECBX:

Making up your own mode is not a good idea. Your made-up mode leaks
information in a Chosen-Plaintext attack to someone who can predict
block indices. Don't use it.

> The application is file encryption done on the fly in a virtual file system
> ...
> I could go for XEX, but I would like to have a good motivation to justify
> the additional GCM operation.

On x86 platforms, AES-GCM is very fast and library support is widely
available. It will certainly not be a bottleneck for a network-backed
virtual filesystem. I would just use GCM.

More information about the cryptography mailing list