On Fri, Jan 14, 2011 at 5:13 PM, Jon Callas <[email protected]> wrote: > > On Jan 13, 2011, at 10:40 AM, > [email protected]<travis%[email protected]>wrote: > > However -- a number of storage things (including TrueCrypt) are using modes > like XTS-AES. These modes are sometimes called "PMA" modes for "Poor Man's > Authentication." XTS in particular is a wide-block mode that takes a > per-block tweak. This means that if you are using an XTS block of 512 bytes, > then a single-bit change to the ciphertext causes the whole block to decrypt > incorrectly. If you're using a 4K data block, even better, as the single bit > error propagates to the whole 4K. On top of that, there's the use of the > tweak parameter; in disk storage, it's typically a function of the LBA of > the data. > > Actually, XTS is a narrow-block mode, so a single-bit change to the ciphertext affects only a single cipher block (16 bytes). For wide-block, you need something like EME or Bitlocker's "Elephant Diffuser".
Best regards, Darren Lasko
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
