by midas007 4425 days ago
That's trivial to add on, outside of CTR.

You have a system of keys derived from a master key. Too many bytes encrypted with one key? Use a new key for subsequent writes.

(And for god's sake use a PBKDF to derive a master key from a password, don't memcpy() it directly.)


Can I suggest you reread the article? I felt bad that I spent so much time on the mechanics of tweakable ciphers because people didn't really need to understand them to see why not to use XTS, but here you've vindicated all those paragraphs by stating the exact problem they solve, and did it by presenting an unsafe alternative to them.

Unsafe for what, how? You're making all sorts of claims and now an accusation without backing them up with a shred of evidence.

XTS is only useful for FDE, everything else should look for simpler constructions.

Maybe you need to read:

http://cactus.eas.asu.edu/partha/Teaching/539-CommonFiles/Cr...

Would really appreciate it if you knew what you were talking about and provided evidence before saying "it's wrong" or "it's bad advice."

Did you just propose a disk encryption scheme whereby PBKDF2 is called on a sector by sector basis?

Later: FWIW, it looks like the parent comment was edited after I wrote this.

Absolutely not, that would NOT SCALE.

Again, you're making accusations, shifting the conversation without providing evidence. Talking with you is pointless.

So when I "derive a new key" for a sector when it gets "rewritten", that key comes from...

Presumably the sector key is derived from the master key using one of the numerous fast KDFs, with PBKDF used only to derive the master key from the password. That's the obvious way to do it and midas007 explicitly mentions PBKDF as a way to generate a master key from a password with sector keys derived from that master key using some unspecified technique. You appear to have come up with your own obviously daft way of implementing the suggestion and then criticized that rather than the original proposal. Please don't do that.
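The key hierarchy midas007 sketches at the top of the thread and the split the last reply spells out (a PBKDF for the password, a fast KDF for the per-sector keys) as one added example in Go. This is not code from any commenter or from the article under discussion; it assumes AES-256-CTR as the sector cipher, HMAC-SHA256 as the fast KDF (a single HKDF-Expand step), a per-sector write generation that the volume stores as metadata, and a hard-coded salt and iteration count picked only for the demo. The function and type names are mine. It also shows the failure the per-write key is there to avoid: under a fixed key, rewriting a sector in CTR mode lets an observer XOR the two ciphertexts and get the XOR of the two plaintexts.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

const sectorSize = 512

// pbkdf2SHA256 derives a 32-byte master key from a password with PBKDF2-HMAC-SHA256
// (RFC 8018). One HMAC-SHA256 output is 32 bytes, so a single PBKDF2 block suffices.
func pbkdf2SHA256(password, salt []byte, iterations int) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(salt)
	prf.Write([]byte{0, 0, 0, 1}) // block index INT(1)
	u := prf.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < iterations; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil)
		for j := range t {
			t[j] ^= u[j]
		}
	}
	return t
}

// sectorKey is the fast per-sector KDF: one HKDF-Expand step (RFC 5869) keyed with the
// master key, with the sector number and write generation as the info string. Changing
// either input yields an unrelated key, so no key is ever used for two writes.
func sectorKey(master []byte, sector uint64, generation uint32) []byte {
	info := make([]byte, 12)
	binary.BigEndian.PutUint64(info[:8], sector)
	binary.BigEndian.PutUint32(info[8:], generation)
	m := hmac.New(sha256.New, master)
	m.Write([]byte("sector-key"))
	m.Write(info)
	m.Write([]byte{0x01}) // HKDF block counter for T(1)
	return m.Sum(nil)
}

// ctrSector encrypts or decrypts one sector with AES-256-CTR. The initial counter holds
// the sector number in its high 64 bits; the low 64 bits count blocks within the sector.
func ctrSector(key []byte, sector uint64, in []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	iv := make([]byte, aes.BlockSize)
	binary.BigEndian.PutUint64(iv[:8], sector)
	out := make([]byte, len(in))
	cipher.NewCTR(block, iv).XORKeyStream(out, in)
	return out
}

func xorBytes(a, b []byte) []byte {
	out := make([]byte, len(a))
	for i := range a {
		out[i] = a[i] ^ b[i]
	}
	return out
}

// ctrReuseLeaks demonstrates the CTR rewrite problem: with the same key and counter,
// XORing two ciphertexts of one sector yields the XOR of the two plaintexts.
func ctrReuseLeaks(key []byte, sector uint64, pt1, pt2 []byte) bool {
	return bytes.Equal(xorBytes(ctrSector(key, sector, pt1), ctrSector(key, sector, pt2)), xorBytes(pt1, pt2))
}

// Volume is a toy encrypted volume: a PBKDF2 master key plus a per-sector write generation.
// The generation has to be stored next to the sector; that is the metadata cost of the scheme.
type Volume struct {
	master []byte
	gen    map[uint64]uint32
}

// NewVolume runs the slow KDF exactly once, at unlock time. Salt and iteration count here
// are placeholders for the demo; a real volume stores a random salt in its header.
func NewVolume(password, salt []byte) *Volume {
	return &Volume{master: pbkdf2SHA256(password, salt, 10000), gen: map[uint64]uint32{}}
}

// Write bumps the sector's generation, derives a fresh key and encrypts under it.
func (v *Volume) Write(sector uint64, plaintext []byte) ([]byte, uint32) {
	v.gen[sector]++
	g := v.gen[sector]
	return ctrSector(sectorKey(v.master, sector, g), sector, plaintext), g
}

// Read re-derives the key from the stored generation; CTR is its own inverse.
func (v *Volume) Read(sector uint64, generation uint32, ciphertext []byte) []byte {
	return ctrSector(sectorKey(v.master, sector, generation), sector, ciphertext)
}

func main() {
	v := NewVolume([]byte("correct horse battery staple"), []byte("per-volume random salt"))
	pt1 := bytes.Repeat([]byte("A"), sectorSize) // constructed sample sector contents
	pt2 := bytes.Repeat([]byte("B"), sectorSize)
	ct1, g1 := v.Write(7, pt1)
	ct2, g2 := v.Write(7, pt2)
	fmt.Printf("generations %d,%d; ct1^ct2 == pt1^pt2: %v\n", g1, g2,
		bytes.Equal(xorBytes(ct1, ct2), xorBytes(pt1, pt2)))
	fmt.Printf("fixed key leaks plaintext XOR: %v\n", ctrReuseLeaks(sectorKey(v.master, 7, 0), 7, pt1, pt2))
	fmt.Printf("read back ok: %v\n", bytes.Equal(v.Read(7, g2, ct2), pt2))
}
```

The slow KDF runs once per unlock, the per-sector derivation is one HMAC per write, and the only thing that makes the scheme work is that the generation counter is persisted and never reused for a sector. A sector whose generation is lost cannot be read back, and a counter that wraps or is reset puts the volume straight back into the fixed-key case the last check above exhibits.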