Hi Mike, Thanks for your very detailed description and explanation!
On Wed, Sep 9, 2009 at 12:30 PM, Mike Kazantsev<mk.frag...@gmail.com> wrote: > On Tue, 8 Sep 2009 11:21:12 +0200 > Marco <listwo...@gmail.com> wrote: [...] > ESSIV, on the other hand, uses the hash of these counters with the key > itself to salt IV, so it seem to rule out all the aforementioned > vulnerabilities. Hash strength here ensures that it can't be turned > into former 'plain counters' case due to hash collision. > > > XTS/LRW/CBC/... are methods to encrypt the single data block to a disk > block. Since data is read in blocks, block also seem to be the atomic > unit of data encryption - everything is en-/decrypted in whole blocks > when read/written from/to disk. > > These methods further divide the disk block into a smaller units to > ensure that there won't be a (similar to the above) case when two > similar, say, 16-byte pieces in a single 512k disk block would look > identical, otherwise some data with such watermarks can be generated > and proven to be on this disk - whole blocks can be marked with them, > so they can later be found, along with any known data between them. > > They also mix the key with some generated salt for these units. > CBC relies on plain data, so it can be broken by crafted data. LRW also > seem to suffer from some known vulnerabilities, so XTS seem to be the > best and recommended one. So I think I'll go with xts-essiv:sha256. In terms of performance, a keylength of 256 might not be ideal. But since this external drive is mainly thought as a backup device,this is not too much of a drawback. -- Best regards, Marco