[145345] in cryptography@c2.net mail archive
Re: Encryption and authentication modes
daemon@ATHENA.MIT.EDU (Matt Ball)
Thu Jul 15 15:36:22 2010
In-Reply-To: <20100715153204.GB6389@pc21.mareichelt.com>
Date: Thu, 15 Jul 2010 12:27:31 -0600
From: Matt Ball <matt.ball@ieee.org>
To: Cryptography List <cryptography@metzdowd.com>
On Thu, Jul 15, 2010 at 9:32 AM, markus reichelt wrote:
>
> * james hughes <hughejp@mac.com> wrote:
>
> > If there is no room for or an integrity field, you can look at
> > XTS-AES.
> > http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf
>
> A not so well-known statement of said PDF certainly is the following,
> especially in light of today's storage device capacities:
>
> "The length of the data unit for any instance of an implementation of
> XTS-AES shall not exceed 2^20 AES blocks."
Remember that a 'data unit' as described in IEEE Std 1619-2007 is
analogous to a hard disk's 'sector' or 'logical block' (which is
usually fixed at 512 or 4096 bytes), so in practice this limitation is
not an issue, since you can just use more sectors to encrypt more of
your data under the same key.
--
Cheers,
Matt Ball
Chair, IEEE P1619 Security in Storage Working Group
Cell: 303-717-2717
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
