On Sep 22, 2009, at 5:57 AM, Darren J Moffat wrote:
There is also a sleep mode issue identified by the NSA

Unlike FileVault whose keys (have to) persist in memory for the duration of the login session, individual encrypted disk images are mounted on demand and their keys destroyed from memory on unmount.

TrueCrypt on the other hand uses AES in XTS mode so you get confidentiality and integrity.

XTS certainly doesn't provide cryptographic integrity. It provides different ciphertext malleability characteristics than CBC, in that you can only randomize an arbitrary 16-byte block of plaintext instead of being able to flip an arbitrary bit (and screw up the previous block). However, this comes with other costs inherent to seekable narrow-block encryption, so I think it's hard to argue XTS provides "more" integrity than CBC. Or were you referring to something else?

Ivan Krstić <krs...@solarsail.hcs.harvard.edu> | http://radian.org

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to