Subject: Re: NetBSD raw disk block encrypted FFS filesystem needed!
To: Matthew Mondor <mmondor@linuxguru.net>
From: Al B. Snell <alaric@alaric-snell.com>
List: port-i386
Date: 12/23/2000 15:12:19
On Fri, 22 Dec 2000, Matthew Mondor wrote:
> The best cryptography software I used does create different lenght results
> each time the same block is encrypted, if there exists such encryption
> systems that can be used for filesystems the size would vary but could be
> estimated
It will always be possible to create an equally powerful cryptosystem
without random cyphertext expansion.
Known cyphertext expansion is much more applicable for a filesystem -
divide the disk into clusters, and store (say) 8 blocks of data in a
10-block cluster.
Basically, you pad your 8 blocks of data up to 10 blocks by shoving in
some random data, then encrypt the lot with a non-expanding cypher. The
extra random data places a barrier to known or chosen plaintext attacks.
ABS
--
Alaric B. Snell
http://www.alaric-snell.com/ http://RFC.net/ http://www.warhead.org.uk/
Any sufficiently advanced technology can be emulated in software