undefined | Better HN

0 pointsmidas00712y ago0 comments

That's trivial to add on, outside of CTR.

You have a system of keys derived from a master key. Too many bytes encrypted with one key? Use a new key for subsequent writes.

(And for god's sake use a PBKDF to derive a master key from a password, don't memcpy() it directly.)

0 comments

3 comments · 1 top-level

tptacek12y ago· 2 in thread

Can I suggest you reread the article? I felt bad that I spent so much time on the mechanics of tweakable ciphers because people didn't really need to understand them to see why not to use XTS, but here you've vindicated all those paragraphs by stating the exact problem they solve, and did it be presenting an unsafe alternative to them.

midas007OP12y ago

Unsafe for what, how? You're making all sorts of claims and now an accusation without backing them up with a shred of evidence.

XTS is only useful for FDE, everything else should look for simpler constructions.

Maybe you need to read:

http://cactus.eas.asu.edu/partha/Teaching/539-CommonFiles/Cr...

Would really appreciated if you would know you're talking about and provide evidence before saying "it's wrong" or "it's bad advice."

tptacek12y ago

Did you just propose a disk encryption scheme whereby PBKDF2 is called on a sector by sector basis?

Later: FWIW, it looks like the parent comment was edited after I wrote this.

1 more reply

j / k navigate · click thread line to collapse