* Joseph Ashwood:

> Page 5 finally begins the actual information.
> Page 5 "plaintext sector data should be encrypted with one-time-use
> (pseudo-)random keys" serves no purpose if a strong mode is used. The only
> purpose this serves is to slow the system down as additional searches have
> to be made. This is claimed to provide protection from when AES is broken.
> It offers nothing except wasted cryptographic and disk overhead.

Even if a more standard approach had been used, you'd need something quite similar for storing the IVs (or IV equivalents).

It seems as if GBDE doesn't atomically update both the metadata sector and the data sector in a single transaction. This means that a power failure which results in a lost sector has some probability of destroying much more, including sectors which previously have been advertised as having reached stable storage.

Of course, such issues are complex to address and are the main reasons why other schemes (ECB mode, CBC mode with constant IVs derived from sector numbers) are so common.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
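The failure domain described in the reply above can be modelled in a few lines. This is an added example, not part of the original message and not GBDE code. The layout (`K` keys per metadata sector), the class names and the SHAKE-256 keystream are assumptions chosen only to show how many acknowledged sectors become unreadable after one torn write.

```python
import hashlib
import os

SECTOR, K = 512, 4  # K keys per metadata sector: assumed layout, not GBDE's

def crypt(key, buf):
    # SHAKE-256 keystream XOR, a stand-in cipher (not a recommendation)
    ks = hashlib.shake_256(key).digest(len(buf))
    return bytes(a ^ b for a, b in zip(buf, ks))

class StoredKeyDisk:
    """Fresh random key per write, kept in a shared metadata sector."""
    def __init__(self, n):
        self.data = [None] * n
        self.meta = [[None] * K for _ in range(n // K)]
    def write(self, i, pt, torn=False):
        key = os.urandom(16)
        self.data[i] = crypt(key, pt)
        if torn:  # power fails while the metadata sector is being rewritten
            self.meta[i // K] = None
        else:
            self.meta[i // K][i % K] = key
    def read(self, i):
        m = self.meta[i // K]
        if m is None or m[i % K] is None or self.data[i] is None:
            return None
        return crypt(m[i % K], self.data[i])

class DerivedIvDisk:
    """Per-sector secret derived from the sector number, nothing stored."""
    def __init__(self, n, master=b"constructed-master-key"):
        self.data = [None] * n
        self.master = master
    def _key(self, i):
        return hashlib.sha256(self.master + i.to_bytes(8, "big")).digest()
    def write(self, i, pt, torn=False):
        # a torn write here loses only the data sector being rewritten
        self.data[i] = None if torn else crypt(self._key(i), pt)
    def read(self, i):
        return None if self.data[i] is None else crypt(self._key(i), self.data[i])

def lost_after_torn_write(disk, n=8):
    plain = {i: bytes([i]) * SECTOR for i in range(n)}  # constructed sample data
    for i, pt in plain.items():
        disk.write(i, pt)  # all n sectors acknowledged as stable
    disk.write(0, b"\xff" * SECTOR, torn=True)  # crash during rewrite of sector 0
    return [i for i in range(n) if disk.read(i) != plain[i]]
```

With stored keys, the torn rewrite of sector 0 also takes out sectors 1 to 3, which share its metadata sector; with derived values only sector 0 is lost.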
