Disk encryption protects information by encrypting every byte that is written to a HD or virtual disk volume.
Disk encryption protects information by encrypting every byte that is written to a HD or virtual disk volume.
Questions tagged [disk-encryption]
60 questions
29
votes
6 answers
Why not authenticate full-disk encryption?
Common FDE software (TrueCrypt, BitLocker, dm-crypt) doesn't authenticate ciphertext stored on the disk. The commonly cited reason is "it would take too much space", reasoning that you would need an authentication tag for every sector and that would…
matejcik
- 393
- 3
- 5
27
votes
3 answers
Information leakage from the ecryptfs filesystem
I'm wondering what information might be leaked from the ecryptfs filesystem. This is what Ubuntu uses if you check the box for "encrypted home directory" when using the desktop installer, so is probably quite widely used. Key characteristics of…
Hamish Downer
- 371
- 3
- 5
26
votes
2 answers
Why do we use XTS over CTR for disk encryption?
I'm taking Prof. Boneh's crypto class from Coursera, and am unsure on the requirement for XTS mode for disk encryption.
It seems that CTR mode would do exactly what XTS can do, but is simpler to implement? In either mode, I will use the disk sector…
shrek
- 363
- 3
- 5
11
votes
2 answers
LUKS multiple key slots - what's the intuition?
LUKS volumes have the ability to allow multiple independently usable passwords, as explained here:
[https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions]
The intuition behind basic encryption with a single key is pretty…
SauceCode
- 213
- 1
- 2
- 5
9
votes
1 answer
Effect of ESSIV when used with XTS
I looked everywhere on the web and I did find a lot of information about full disk encryption, but nothing really answered my question.
When formatting a partition to use LUKS, the two most common ciphers…
JoeyBF
- 193
- 1
- 5
9
votes
1 answer
How can disk encryption systems (like Truecrypt) resist frequency analysis when they allow random access?
I don't understand how disk encryption (e.g. TrueCrypt) is supposed to resist frequency analysis.
If blocks can be randomly accessed (which they can), doesn't that mean that frequency-domain information (e.g. contiguous free space) is exposed?
The…
user541686
- 1,409
- 1
- 11
- 24
9
votes
2 answers
Fast cipher without needing hardware support (like ChaCha20) for disk encryption
On my old laptop, ChaCha20 is quite a bit faster than AES as there is no hardware acceleration for AES. But for disk encryption AES based schemes seem to be the only option, as a stream cipher like ChaCha20 cannot directly be used for disk…
JanKanis
- 253
- 1
- 6
8
votes
1 answer
How is LUKS dm-crypt secure if the key is stored with the encrypted data?
I've posted this question over at superuser, but haven't had any success at getting answers. That's why I've posted it here. Furthermore, I believe this is a more appropriate place for it as it is questions about design of the encryption system and…
Sam Parker
- 83
- 1
- 3
7
votes
2 answers
Should I use XTS or GCM to encrypt my hard drives?
I want to start encrypting all of my hard drives, but I don't know whether to choose XTS or GCM mode. Why is it that XTS is recommended (since the most websites I visit use GCM in their HTTPS connection)? So my question is: should I use XTS or GCM,…
blacklight
- 581
- 7
- 13
7
votes
2 answers
Is it possible to tweak AES-GCM so that it is satisfactory for whole-disk encryption (like XTS mode)?
Is it possible to leverage a preexisting implementation of AES-GCM to provide the key security benefits essential for full-disk encryption (similar to AES-XTS)?
GCM is a popular encryption mode supported by several libraries and with fast…
user3325588
- 111
- 1
- 7
6
votes
1 answer
How can XTS be used to detect the presence of TrueCrypt hidden volumes?
According to a thread on the VeraCrypt discussion forum, and a single-post followup, it is possible to detect the presence of a hidden volume in certain conditions due to a flaw in the cryptography or the way it is used, rather than a flaw in the…
forest
- 15,626
- 2
- 49
- 103
6
votes
1 answer
Ephemeral Encryption Keys
My understanding is, ignoring implementation details, iOS disk encryption works like this: On boot (and/or every time you unlock your phone) an ephemeral session key is created that can decrypt encrypted files.
My question is, how is it possible…
Ali
- 163
- 4
6
votes
2 answers
Encrypt-Mix-Encrypt: Full Diffusion?
I've read "A Parallelizable Enciphering Mode" by Halevi and Rogaway about the encrypt-mix-encrypt mode for ciphers and was asking myself if this mode provides "full" diffusion.
So if an attacker alters one bit of the ciphertext, how many bits (all?)…
SEJPM
- 46,697
- 9
- 103
- 214
5
votes
2 answers
Security of McCallum-Relyea exchange
I recently learned of the McCallum-Relyea exchange which allows for a method of key escrow without actually transmitting the key.
It was developed at RedHat and is used by the tang and clevis utilities (and further described here) to allow for…
dbush
- 298
- 3
- 12
5
votes
1 answer
How does LUKS encrypt the master key?
I'm studying how LUKS/dm-crypt works, and I've learnt that:
the user supplies a (possibly weak) passphrase
the passphrase is turned into a Key Encryption Key (KEK) by a Key Derivative Function (KFD), making it harder to crack via a brute-force…
Maury
- 51
- 1
- 2