On Thu, Oct 7, 2021 at 09:59:31PM +0300, Ants Aasma wrote: > On Thu, 7 Oct 2021 at 21:52, Stephen Frost <sfr...@snowman.net> wrote: > > With XTS this isn't actually the case though, is it..? Part of the > point of XTS is that the last block doesn't have to be a full 16 bytes. > What you're saying is true for XEX, but that's also why XEX isn't used > for FDE in a lot of cases, because disk sectors aren't typically > divisible by 16. > > https://en.wikipedia.org/wiki/Disk_encryption_theory > > Assuming that's correct, and I don't see any reason to doubt it, then > perhaps it would make sense to have the LSN be unencrypted and include > it in the tweak as that would limit the risk from re-use of the same > tweak over time. > > > Right, my thought was to leave the first 8 bytes of pages, the LSN, > unencrypted > and include the value in the tweak. Just tested that OpenSSL aes-256-xts > handles non multiple-of-16 messages just fine.
Great. -- Bruce Momjian <br...@momjian.us> https://momjian.us EDB https://enterprisedb.com If only the physical world exists, free will is an illusion.
