This piece is written for software designers, not end-users. If you’re an end-user looking for crypto advice: use Truecrypt, use Filevault, use dm-crypt. Also, use PGP, and Tarsnap. Read on only if you’re interested in crypto nerdery.
XTS is the de facto standard disk encryption mode.
Because it’s relatively new and high-profile, XTS looks like a desirable general-purpose mode. It isn’t. Be wary of applications that claim to use it for anything other than disk encryption.
To see why, you need to understand what disk encryption is, why disk encryption sucks, and how XTS evolved.
A note on terminology:
Disk devices are made of blocks. Block ciphers work on blocks. Unfortunately, they’re two different kinds of blocks (a “wide” disk block, and a “narrow” cipher block), and while it’s possible to design a wide-block cipher that directly works on disk blocks, nobody does that.
So for clarity, I’ll oversimplify: a “sector” is a disk block, and a “block” is a ciphertext block.
Read more: http://sockpuppet.org/blog/2014/04/30/you-dont-want-xts/