[Cryptography] Disk encryption

Erik van Straten (Cryptography list) evs20200430f at xs4all.nl
Wed Mar 29 06:21:34 EDT 2023


On 2023-03-27 19:23, Dave Horsfall wrote:
> I've never used disk encryption before, so I have some concerns.
> 
> My understanding is that each encrypted block depends upon the previous
> block (if not the entire chain), so what happens should an intermediate
> block become corrupted?
[snip]

You may want to read Thomas Ptacek's blog regarding FDE using XTS:
https://sockpuppet.org/blog/2014/04/30/you-dont-want-xts
(you DO want to use XTS or something similar because it's the least bad solution).

In particular, SSDs containing any data of value should be encrypted (because they're nearly impossible to securely erase if they're not encrypted).

I wouldn't trust "secure erase" functionality built into SSDs, see
https://seclists.org/educause/2019/q3/388

A post by Joseph Ashwood regarding the risks of SSD wear leveling (he holds a patent):
https://www.metzdowd.com/pipermail/cryptography/2014-June/021952.html

Personally I use VeraCrypt and it works like a charm. But be sure to make backups of your files, as bootable "rescue disks" (on USB or CD/DVD) typically don't understand SSDs/HDDs that are fully encrypted (FDE) using, for example, VeraCrypt.

Best regards,
Erik van Straten




