On Thu, Oct 7, 2021 at 09:59:31PM +0300, Ants Aasma wrote:
> On Thu, 7 Oct 2021 at 21:52, Stephen Frost <sfrost@snowman.net> wrote:
>
> With XTS this isn't actually the case though, is it..? Part of the
> point of XTS is that the last block doesn't have to be a full 16 bytes.
> What you're saying is true for XEX, but that's also why XEX isn't used
> for FDE in a lot of cases, because disk sectors aren't typically
> divisible by 16.
>
> https://en.wikipedia.org/wiki/Disk_encryption_theory
>
> Assuming that's correct, and I don't see any reason to doubt it, then
> perhaps it would make sense to have the LSN be unencrypted and include
> it in the tweak as that would limit the risk from re-use of the same
> tweak over time.
>
>
> Right, my thought was to leave the first 8 bytes of pages, the LSN, unencrypted
> and include the value in the tweak. Just tested that OpenSSL aes-256-xts
> handles non multiple-of-16 messages just fine.
Great.
--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com
If only the physical world exists, free will is an illusion.