[Cryptography] Disk encryption

Darren Moffat darren at nessieroo.com
Tue Mar 28 15:11:23 EDT 2023


There are many different ways of doing what is sometimes called “disk
encryption”.

Do you mean “in drive firmware” or in the OS software? Or something else?
Such as between the iSCSI target layer and the actual backend storage.

Disks need to be random access so in the general case “disk encryption”
wouldn’t use any cross block dependencies on the inputs to the cipher. For
example you probably wouldn’t want to use CBC mode with any chaining
between disk blocks because then you need to decrypt multiple blocks. But
some “disk encryption” software has used CBC mode and only chaining within
a disk block (512 bytes or now more likely 4K).

AES in XTS mode is sometimes used for random access disk encryption with
the IV/nonce being derived from things like the logical block address (and
ideally some other confounding (probably random) data).

There are also other ways of providing encryption of data at rest by doing
it transparently to the application if it is a feature provided by the OS
file system or block layers. For example in ZFS the blocks (which are 128k
by default, can be as high as 1Mb) are encrypted with AES in CCM or GCM,
the authtag/MAC is stored alongside a SHA256 of the cipher text in the
block pointer and forms a Merkle hash tree.

You can also do transparent (to the application and file system) encryption
in the logical block layer - something like LUKS on Linux systems or lofi
on Solaris - equivalents exist in FreeBSD and many other systems too.

Darren