
Re: [STDS-P1619] narrow question on iEEE 1619.0



John,

XTS was designed for transparent encryption modules: black boxes, inserted somewhere in the data path between the Host and the storage media. XTS does not use any metadata normally available in storage systems, including a possibly variable record length. This restriction drew criticism: the security or the performance could be better by using extra info. On the other hand, there could be many different architectures, with different metadata, so a general solution is hard to find.

Accordingly, the block size must always be the same in a particular XTS implementation.

Another consequence of the transparency design constraint is that the length of the data must not change with encryption. (This requirement was also widely criticized, because in many storage systems the data layout on the storage media could be changed, while this change remains hidden from the Host. Nevertheless, this could cause compatibility issues with the storage device, and again, a general solution for most practical cases looks hard.)

Accordingly, you must use the specified ciphertext stealing, and no data padding.

Laszlo Hars
Seagate

John Markey <jkmarkey@xxxxxxxxxxxx>
08/11/2009 08:24 PM
Please respond to John Markey <jkmarkey@xxxxxxxxxxxx>

To: STDS-P1619@xxxxxxxxxxxxxxxxx
Subject: [STDS-P1619] narrow question on iEEE 1619.0

Hi All


We had a narrow technical question on the IEEE 1619.0 specification, in particular from the standard on the XTS-AES mode.

In section 5.1, should/must "Data Units" be of common, equal size? Is this strictly enforced...

If data units are not a multiple of 16 bytes in length (they need not be), then each data unit should do cypher-text stealing for encryption of the last two blocks (see Figure 2). Is this correct?

If the amount of data to be encrypted is not a multiple of the data unit size, what is typically done?

Is the end of the data padded (best practice for padding) until it fills a complete data unit?


We are new to the use of this standard and we and our technology partner would like to make sure we are interpreting this correctly. Thank you very much.

John Markey
Mobile Devices
Broadcom Corp
San Diego
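
The length-preserving behaviour described in the reply above, as an added example that is not part of the thread or of IEEE 1619: XTS tweak chaining with ciphertext stealing for one data unit. To stay dependency-free it assumes a stand-in Feistel block cipher in place of AES, so its output is not XTS-AES; the names `xts_crypt`, `_prp` and `_mul_alpha` are hypothetical.

```python
import hashlib

BLOCK = 16  # XTS operates on 128-bit blocks

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _prp(key, block, decrypt=False):
    """Stand-in 128-bit block cipher (4-round Feistel over SHA-256).
    Assumption for illustration only: this is NOT AES and not for real use."""
    f = lambda i, half: hashlib.sha256(key + bytes([i]) + half).digest()[:8]
    l, r = block[:8], block[8:]
    for i in (range(3, -1, -1) if decrypt else range(4)):
        l, r = (_xor(r, f(i, l)), l) if decrypt else (r, _xor(l, f(i, r)))
    return l + r

def _mul_alpha(t):
    """Multiply the tweak by alpha in GF(2^128), little-endian convention."""
    n = int.from_bytes(t, "little") << 1
    if n >> 128:
        n = (n & ((1 << 128) - 1)) ^ 0x87
    return n.to_bytes(BLOCK, "little")

def xts_crypt(k1, k2, unit_no, data, decrypt=False):
    """Process one data unit; output length always equals input length."""
    if len(data) < BLOCK:
        raise ValueError("a data unit needs at least one full 16-byte block")
    xex = lambda b, tw: _xor(_prp(k1, _xor(b, tw), decrypt), tw)
    t = _prp(k2, unit_no.to_bytes(BLOCK, "little"))  # tweak: always 'encrypt'
    full, tail = divmod(len(data), BLOCK)
    normal = full - 1 if tail else full  # blocks handled without stealing
    out = []
    for j in range(normal):
        out.append(xex(data[j * BLOCK:(j + 1) * BLOCK], t))
        t = _mul_alpha(t)
    if tail:  # ciphertext stealing over the last full block + partial block
        t_m = _mul_alpha(t)
        # decryption applies the last two tweaks in the opposite order
        first, second = (t_m, t) if decrypt else (t, t_m)
        cc = xex(data[normal * BLOCK:full * BLOCK], first)
        out.append(xex(data[full * BLOCK:] + cc[tail:], second))
        out.append(cc[:tail])  # truncated block goes last: no padding added
    return b"".join(out)
```

A 40-byte data unit comes back as exactly 40 bytes of ciphertext, which is why the transparent-module design can use stealing but not padding.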
