[H-GEN] File system encryption
Paul Gearon
pag at PISoftware.com
Wed Jun 4 20:52:07 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
On Tue, 3 Jun 2003, Jason Parker-Burlingham wrote:
> Lance Edwards <lanceedwards at optushome.com.au> writes:
> > A quick setup for a loop encrypted FS, see the link below but change
> > xor to aes / aes128 / aes192 or aes256...
<snip/>
>
> Goodness! Why on earth are they suggesting that people use XOR
> encryption? It would be okay if they were using a one-time-pad or
> something[1] but I see no evidence of that. XOR encryption is
> trivially broken.
If it's "standard" XOR obfuscation, then sure, you're right. However,
since *no-one* could be stupid enough to use this (could they???) perhaps
they mean Output Feedback (OFB) mode or Counter (CTR) mode encryption?
Both types generate a non-repeating stream of bits [1] which you then XOR
with the plaintext.
[1] OK, it does repeat eventually[2]. So you need to change your key
before that happens. ie. every message.
[2] "eventually" for CTR mode is when your counter wraps, which is
probably at 2^64 bits. Plenty of space for most messages. OFB has a
finite chance of wrapping sooner, which is catastrophic, because you then
end up with the XOR encryption Jason mentioned earlier. ie. Don't use OFB
mode!
Regards,
Paul "Having fun with Ferguson and Schneier's new cryptography book" Gearon
Software Engineer Telephone: +61 7 3876 2188
Plugged In Software Fax: +61 7 3876 4899
http://www.PIsoftware.com PGP Key available via finger
Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum
immane mittam.
(Translation from latin: "I have a catapult. Give me all the money,
or I will fling an enormous rock at your head.")
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list