|
|
|
|
|
|
by zahllos
1033 days ago
|
|
|
An AEAD mode on a physical disk doesn't make a lot of sense. You are mapping disk blocks to disk blocks (in the case of cryptsetup, literally via devicemapper) and so you have two choices: a) alter the sector size to something weird so you can fit in tags per sector, likely breaking a lot of code that can't cope with this or b) just use XTS and accept that you can't have AEAD. It isn't like the average hard disk permits padding oracles and chosen plaintext/ciphertext attacks to be mounted easily, except of course if you are storing disk images in the cloud, but then you're using the wrong tool anyhow - do crypto at the file level where you aren't constrained by sector sizes. |
|
|
Really, I'd say that 99% of the uses of block device encryption would be better served by using a filesystem that supports encryption natively. The remaining 1% is for block devices that handle the encryption in the hardware.