Re: GELI - disk encryption for FreeBSD - review request.
From: Andrew Swallow (am.swallow_at_btopenworld.com)
Date: Thu, 28 Jul 2005 01:32:14 +0000 (UTC)
Joseph Ashwood wrote:
> "Andrew Swallow" <firstname.lastname@example.org> wrote in message
>>Whatever mode you use has to be able to survive known
>>plain text (like all of the Windows binary files), known
>>cypher text and known IV.
>>Could the IV be the sector number followed by a 32 bit
> Depends on the mode. CBC that should work well. CTR mode if you can make
> sure that write counter is true it will work, the problem comes from being
> able to attack that write counter, also at this point we're pushing IMO
> dangerously close to the 2^64 limit, in some cases we're within an error of
> 2^11 for the largest systems, that's far enough away for now, but as those
> numbers continue to increase we'll see that margin for error shrink
> substantially. CTR mode crumbles almost the moment that 2^64 barrier is
> crossed, CBC still maintains (reduced) security. OFB is typically further
> reduced because the functioning block is smaller (although you still need
> 2^64 of them).
As well as the write count can we add a random field? And
how big? To permit decryption the value will have to be
stored on the disk.
For software implementations the random value could be
generated by AES in CTR mode with the IV set to the time
and date using a second key variable. For hardware
encryption implementations the output from a true random
number generator built into the disk controller electronics.
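
The IV layout discussed in this thread, as an added example that is not part of the original posts: it shows why a counter-style mode depends on a trustworthy write counter (or random field) when the plaintext of a sector is known. The field sizes (64-bit sector number, 32-bit write counter, 32-bit random field), all function names, the sample data, and the HMAC-SHA256 keystream standing in for AES-CTR are assumptions made for the sketch.

```python
import hashlib, hmac, struct

SECTOR_SIZE = 512

def make_iv(sector, write_count, rand32):
    # Assumed layout: 64-bit sector number || 32-bit write counter || 32-bit random field.
    # The whole IV must be stored on disk next to the sector to permit decryption.
    return struct.pack(">QII", sector, write_count, rand32)

def keystream(key, iv, length):
    # Stand-in for AES-CTR (stdlib has no AES): PRF(key, iv || block index).
    out, i = b"", 0
    while len(out) < length:
        out += hmac.new(key, iv + struct.pack(">I", i), hashlib.sha256).digest()
        i += 1
    return out[:length]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def write_sector(key, sector, write_count, rand32, plaintext):
    iv = make_iv(sector, write_count, rand32)
    return iv, xor(plaintext, keystream(key, iv, len(plaintext)))

def read_sector(key, iv, ciphertext):
    return xor(ciphertext, keystream(key, iv, len(ciphertext)))

def exposed_by_known_plaintext(ct_known, pt_known, ct_other):
    # What two ciphertext versions of one sector reveal if they share a keystream.
    return xor(xor(ct_known, pt_known), ct_other)

def demo():
    key = bytes(range(32))                                # constructed test key
    known = (b"known system binary " * 26)[:SECTOR_SIZE]  # constructed known plaintext
    secret = (b"user secret data    " * 26)[:SECTOR_SIZE] # constructed private data
    # Write counter stuck at 0 and no random field: same IV for both writes.
    _, c1 = write_sector(key, 7, 0, 0, known)
    _, c2 = write_sector(key, 7, 0, 0, secret)
    reused = exposed_by_known_plaintext(c1, known, c2) == secret
    # Counter advances and a random field is mixed in: keystreams differ.
    _, c3 = write_sector(key, 7, 0, 0x1234ABCD, known)
    iv4, c4 = write_sector(key, 7, 1, 0x9E3779B9, secret)
    fresh = exposed_by_known_plaintext(c3, known, c4) == secret
    return {"reused_iv_leaks": reused, "fresh_iv_leaks": fresh,
            "roundtrip_ok": read_sector(key, iv4, c4) == secret}

if __name__ == "__main__":
    print(demo())
```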