[144892] in cryptography@c2.net mail archive
Re: FileVault on other than home directories on MacOS?
daemon@ATHENA.MIT.EDU (=?UTF-8?Q?Ivan_Krsti=C4=87?=)
Thu Sep 24 00:50:03 2009
Cc: Steven Bellovin <smb@cs.columbia.edu>,
cryptography@metzdowd.com
From: =?UTF-8?Q?Ivan_Krsti=C4=87?= <krstic@solarsail.hcs.harvard.edu>
To: Darren J Moffat <Darren.Moffat@Sun.COM>
In-Reply-To: <4AB8C9C0.1060408@Sun.COM>
Date: Wed, 23 Sep 2009 19:30:15 -0700
On Sep 22, 2009, at 5:57 AM, Darren J Moffat wrote:
> There is also a sleep mode issue identified by the NSA
Unlike FileVault whose keys (have to) persist in memory for the =20
duration of the login session, individual encrypted disk images are =20
mounted on demand and their keys destroyed from memory on unmount.
> TrueCrypt on the other hand uses AES in XTS mode so you get =20
> confidentiality and integrity.
XTS certainly doesn't provide cryptographic integrity. It provides =20
different ciphertext malleability characteristics than CBC, in that =20
you can only randomize an arbitrary 16-byte block of plaintext instead =20=
of being able to flip an arbitrary bit (and screw up the previous =20
block). However, this comes with other costs inherent to seekable =20
narrow-block encryption, so I think it's hard to argue XTS provides =20
"more" integrity than CBC. Or were you referring to something else?
--
Ivan Krsti=C4=87 <krstic@solarsail.hcs.harvard.edu> | http://radian.org
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
