[17059] in cryptography@c2.net mail archive
Re: comments wanted on gbde
daemon@ATHENA.MIT.EDU (Florian Weimer)
Sun Mar 13 14:49:10 2005
X-Original-To: cryptography@metzdowd.com
From: Florian Weimer <fw@deneb.enyo.de>
To: "Joseph Ashwood" <ashwood@msn.com>
Cc: <cryptography@metzdowd.com>
Date: Sun, 13 Mar 2005 10:14:56 +0100
In-Reply-To: <BAY0-SMTP04A13DEFA33761AE1D3CC2AC5E0@phx.gbl> (Joseph Ashwood's
message of "Sat, 5 Mar 2005 21:40:37 -0800")
* Joseph Ashwood:
> Page 5 finally begins the actual information.
> Page 5 "plaintext sector data should be encrypted with one-time-use
> (pseudo-)random keys" serves no purpose if a strong mode is used. The only
> purpose this serves is to slow the system down as additional searches have
> to be made. This is claimed to provide protection from when AES is broken.
> It offers nothing except wasted cryptographic and disk overhead.
Even if a more standard approach had been used, you'd need something
quite similar for storing the IVs (or IV equivalents).
It seems as if GBDE doesn't atomically update both the metadata sector
and the data sector in a single transaction. This means that a power
failure which results in a lost sector has some probability of
destroying much more, including sectors which previously have been
advertised as having reached stable storage. Of course, such issues
are complex to address and are the main reasons why other schemes (ECB
mode, CBC mode with constant IVs derived from sector numbers) are so
common.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
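The failure mode Florian describes, modelled as a toy simulation (added here; not code from the thread or from GBDE, whose real on-disk layout is not described on this page): a per-write random sector key lives in a separate metadata sector that is rewritten in a second, non-atomic step, versus a scheme whose per-sector key/IV is derived from the sector number and needs no second write. The sector size, group size and master key are constructed; the XOR stream cipher only stands in for AES.

```python
import os
import hashlib

SECTOR = 16          # toy sector size in bytes (constructed, not GBDE's geometry)
KEYS_PER_META = 4    # data sectors whose keys share one metadata sector (assumption)
MASTER = b"constructed master key"   # constructed sample key for the sector-IV scheme

def crypt(key, block):
    # Toy XOR stream keyed by SHAKE-256(key); stands in for AES, not for real use.
    return bytes(x ^ y for x, y in zip(block, hashlib.shake_256(key).digest(SECTOR)))

class OneTimeKeyDisk:
    # Fresh random key per write, stored in a metadata sector that is updated in a
    # second, non-atomic step (the pattern the mail describes).
    def __init__(self):
        self.data, self.meta = {}, {}   # meta: group -> {sector: key}
    def write(self, i, pt, crash_after_meta=False):
        key = os.urandom(16)
        self.meta.setdefault(i // KEYS_PER_META, {})[i] = key   # step 1: metadata sector
        if crash_after_meta: return     # power fails before step 2; old key is gone
        self.data[i] = crypt(key, pt)   # step 2: data sector
    def lose_metadata_sector(self, i):
        self.meta.pop(i // KEYS_PER_META, None)   # one lost write, every key in the group
    def read(self, i):
        key = self.meta.get(i // KEYS_PER_META, {}).get(i)
        return None if key is None or i not in self.data else crypt(key, self.data[i])

class SectorIVDisk:
    # Per-sector key/IV derived from the sector number; a write touches one sector only.
    def __init__(self):
        self.data = {}
    def write(self, i, pt, crash=False):
        if crash: return                # nothing reached disk; old ciphertext still decrypts
        self.data[i] = crypt(MASTER + i.to_bytes(8, "big"), pt)
    def lose_sector(self, i):
        self.data.pop(i, None)
    def read(self, i):
        return None if i not in self.data else crypt(MASTER + i.to_bytes(8, "big"), self.data[i])

def unreadable(disk, expected):
    # Sectors that no longer decrypt to contents previously reported as stable.
    return sorted(i for i, pt in expected.items() if disk.read(i) != pt)

def blast_radius():
    expected = {i: bytes([i]) * SECTOR for i in range(4)}   # constructed, all "stable"
    otk, siv = OneTimeKeyDisk(), SectorIVDisk()
    for i, pt in expected.items():
        otk.write(i, pt); siv.write(i, pt)
    otk.write(1, b"\xff" * SECTOR, crash_after_meta=True)   # torn two-step update
    siv.write(1, b"\xff" * SECTOR, crash=True)
    torn = (unreadable(otk, expected), unreadable(siv, expected))
    otk.lose_metadata_sector(1); siv.lose_sector(1)           # the lost sector itself
    lost = (unreadable(otk, expected), unreadable(siv, expected))
    return torn, lost
```

`blast_radius()` returns `([1], [])` for the torn update and `([0, 1, 2, 3], [1])` for the lost sector: with shared metadata, one lost write takes out every sector whose key it held, which is the "much more" in the message.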