Disk encryption protects information by encrypting every byte that is written to a HD or virtual disk volume.
Disk encryption protects information by encrypting every byte that is written to a HD or virtual disk volume.
Questions tagged [disk-encryption]
54 questions
27
votes
6 answers
Why not authenticate full-disk encryption?
Common FDE software (TrueCrypt, BitLocker, dm-crypt) doesn't authenticate ciphertext stored on the disk. The commonly cited reason is "it would take too much space", reasoning that you would need an authentication tag for every sector and that would…
matejcik
- 373
- 3
- 5
27
votes
3 answers
Information leakage from the ecryptfs filesystem
I'm wondering what information might be leaked from the ecryptfs filesystem. This is what Ubuntu uses if you check the box for "encrypted home directory" when using the desktop installer, so is probably quite widely used. Key characteristics of…
Hamish Downer
- 371
- 3
- 5
23
votes
2 answers
Why do we use XTS over CTR for disk encryption?
I'm taking Prof. Boneh's crypto class from Coursera, and am unsure on the requirement for XTS mode for disk encryption.
It seems that CTR mode would do exactly what XTS can do, but is simpler to implement? In either mode, I will use the disk sector…
shrek
- 333
- 2
- 5
8
votes
1 answer
Effect of ESSIV when used with XTS
I looked everywhere on the web and I did find a lot of information about full disk encryption, but nothing really answered my question.
When formatting a partition to use LUKS, the two most common ciphers…
JoeyBF
- 183
- 1
- 5
8
votes
1 answer
How can disk encryption systems (like Truecrypt) resist frequency analysis when they allow random access?
I don't understand how disk encryption (e.g. TrueCrypt) is supposed to resist frequency analysis.
If blocks can be randomly accessed (which they can), doesn't that mean that frequency-domain information (e.g. contiguous free space) is exposed?
The…
user541686
- 1,319
- 1
- 11
- 22
7
votes
2 answers
LUKS multiple key slots - what's the intuition?
LUKS volumes have the ability to allow multiple independently usable passwords, as explained here:
[https://code.google.com/p/cryptsetup/wiki/FrequentlyAskedQuestions]
The intuition behind basic encryption with a single key is pretty…
SauceCode
- 173
- 1
- 4
7
votes
1 answer
How is LUKS dm-crypt secure if the key is stored with the encrypted data?
I've posted this question over at superuser, but haven't had any success at getting answers. That's why I've posted it here. Furthermore, I believe this is a more appropriate place for it as it is questions about design of the encryption system and…
Sam Parker
- 73
- 1
- 3
6
votes
1 answer
How can XTS be used to detect the presence of TrueCrypt hidden volumes?
According to a thread on the VeraCrypt discussion forum, and a single-post followup, it is possible to detect the presence of a hidden volume in certain conditions due to a flaw in the cryptography or the way it is used, rather than a flaw in the…
forest
- 14,683
- 1
- 45
- 97
6
votes
1 answer
Ephemeral Encryption Keys
My understanding is, ignoring implementation details, iOS disk encryption works like this: On boot (and/or every time you unlock your phone) an ephemeral session key is created that can decrypt encrypted files.
My question is, how is it possible…
Ali
- 163
- 4
6
votes
2 answers
Encrypt-Mix-Encrypt: Full Diffusion?
I've read "A Parallelizable Enciphering Mode" by Halevi and Rogaway about the encrypt-mix-encrypt mode for ciphers and was asking myself if this mode provides "full" diffusion.
So if an attacker alters one bit of the ciphertext, how many bits (all?)…
SEJPM
- 45,265
- 7
- 94
- 199
6
votes
2 answers
Is it possible to tweak AES-GCM so that it is satisfactory for whole-disk encryption (like XTS mode)?
Is it possible to leverage a preexisting implementation of AES-GCM to provide the key security benefits essential for full-disk encryption (similar to AES-XTS)?
GCM is a popular encryption mode supported by several libraries and with fast…
user3325588
- 49
- 7
5
votes
2 answers
Should I use XTS or GCM to encrypt my hard drives?
I want to start encrypting all of my hard drives, but I don't know whether to choose XTS or GCM mode. Why is it that XTS is recommended (since the most websites I visit use GCM in their HTTPS connection)? So my question is: should I use XTS or GCM,…
blacklight
- 551
- 7
- 12
5
votes
1 answer
what are the security benefits of LUKS?
Aremed with only basic crypto knowledge, I'm trying to understand the security benefits of LUKS over plain-mode dm-crypt. Hopefully this is a good place to ask.
Given the LUKS header contains information describing how the payload is encrypted,…
starfry
- 185
- 1
- 6
5
votes
2 answers
Fast cipher without needing hardware support (like ChaCha20) for disk encryption
On my old laptop, ChaCha20 is quite a bit faster than AES as there is no hardware acceleration for AES. But for disk encryption AES based schemes seem to be the only option, as a stream cipher like ChaCha20 cannot directly be used for disk…
JanKanis
- 213
- 1
- 5
4
votes
1 answer
Regarding XEX mode
Wikipedia claims that given an unkeyed permutation $p$ (presumably of the same size as the key) this is safe: $p(m \oplus k) \oplus k$
Why isn't this construction used instead of XEX? Surely unkeyed permutations should be faster than keyed ones…
Bob Semple
- 143
- 4