Encryption of multiple devices using one key

Main Page | Report this Page

Science Forum Index » Cryptography Forum » Encryption of multiple devices using one key

Page 1 of 1

Author

Message

Bert Brenner

Posted: Wed Apr 30, 2008 9:06 am

Guest

Not sure whether this is the correct group for this kind of question
but I'll give it a try ;-)

Let's assume I have two identical (size) harddisks.

Both disks are completely filled with random data before encryption will be set up

dd if=/dev/urandom of=/dev/sd[ab]

The encryption would be set up according to:

http://loop-aes.sourceforge.net/loop-AES.README

- Loop-AES 256
- Multi-key-v3

The key is generated using the /dev/random device.
The filesystem would be ext2.

Would it be safe to use the same key for both disks or would that be a security
problem?

If someone has access to both disks, would the encryption be breakable if one key
is used for both disks?

Thanks a lot in advance.

Simon Sibbez

Posted: Wed Apr 30, 2008 2:36 pm

Guest

Bert Brenner wrote:

see http://mail.nl.linux.org/linux-crypto/2005-04/msg00004.html

-- Simon

rossum

Posted: Wed Apr 30, 2008 3:16 pm

Guest

On Wed, 30 Apr 2008 16:06:32 +0200, Bert Brenner
<Bert.Brenner@t-online.de> wrote:

Quote:

dd if=/dev/urandom of=/dev/sd[ab]

The encryption would be set up according to:

http://loop-aes.sourceforge.net/loop-AES.README

- Loop-AES 256
- Multi-key-v3

The key is generated using the /dev/random device.
Do you want one key or two? Also your reference talks about using a

passphrase and hashing it with SHA, that is not usually needed with
output from dev/random which has probably already been hashed.

Quote:

The filesystem would be ext2.

Would it be safe to use the same key for both disks or would that be a security
problem?
What security problem are you trying to solve? In some cases one key

for both disks is fine, in other cases you would need two different
keys for the two disks. Basically it comes down to do you want two
different sets of people to be able to decrypt the two disks or is the
same set of people to be able to decrypt the pair of disks.

Quote:

If someone has access to both disks, would the encryption be breakable if one key
is used for both disks?
Only if they have access to the appropriate key. AES is secure

against a known plaintext attack.

As a general point, generating a key from dev/random is low cost so
there is probably little reason to reuse a key unless everyone who
needs the key to disk 1 also needs the key to disk 2 and vice versa,
both now and in future.

rossum

Quote:

Thanks a lot in advance.

David Eather

Posted: Wed Apr 30, 2008 5:00 pm

Guest

Bert Brenner wrote:

Quote:

If you used counter mode then your totally screwed - counter mode is a
great mode but not if you use it twice with the same key (and I assume
the same nonce). If you used CBC or a modern mode intended for disk
encryption then you may only be partly screwed. The lesson - use
different and unrelated keys in each application.

Quote:

Thanks a lot in advance.

Bert Brenner

Posted: Thu May 01, 2008 4:10 am

Guest

In article <5639085.9aXn4nqpiU@localhost>, simon.sibbez@buerotiger.de says...

Quote:

Bert Brenner wrote:

see http://mail.nl.linux.org/linux-crypto/2005-04/msg00004.html

-- Simon

That's exactly what I was looking for.

Apparently the only safe solution is to use a different key for each encrypted
disk/partition.

Thanks.

Bert Brenner

Posted: Thu May 01, 2008 4:10 am

Guest

In article <g-mdnVdyi-C6cYXVnZ2dnUVZ_gOdnZ2d@supernews.com>, eather@tpg.com.au
says...

Quote:

The AES cipher is used in CBC (cipher block chaining) mode. Data is
encrypted and decrypted in 512 byte chains.
Multi-key-v2 mode uses cryptographically more secure MD5 IV
and 64 different AES keys to encrypt and decrypt sectors in the loop device.
In multi-key mode first key is used for first sector, second key for second
sector, and so on.
Multi-key-v3 is same as multi-key-v2 except that it uses
one extra 65th key as additional input to MD5 IV computation.

Actually I'm using Multi-key-v3 mode

Quote:

The lesson - use different and unrelated keys in each application.

Lesson learned! Wink

Different keys is the way to go.

Thanks for the info.

Bert Brenner

Posted: Thu May 01, 2008 4:10 am

Guest

In article <mvjh14dpc98grccip2mhm3480926loqpem@4ax.com>, rossum48@coldmail.com
says...

Quote:

Both disks are completely filled with random data before encryption will be set up

I am curious as to why you would want to encrypt random data?

I'm filling the new disks with random data "BEFORE" encryption is set up.
Normaly a new disk is filled entirely with 0x00 bytes.
If you set up encryption on such a disk, an "attacker" would be able to distiguish
between used and unused disk blocks.

This can be prevented by initially filling the disk with random data.

rossum

Posted: Thu May 01, 2008 5:41 am

Guest

On Thu, 1 May 2008 11:10:48 +0200, Bert Brenner
<Bert.Brenner@t-online.de> wrote:

Quote:

In article <mvjh14dpc98grccip2mhm3480926loqpem@4ax.com>, rossum48@coldmail.com
says...

Both disks are completely filled with random data before encryption will be set up

I am curious as to why you would want to encrypt random data?

I'm filling the new disks with random data "BEFORE" encryption is set up.
Normaly a new disk is filled entirely with 0x00 bytes.
If you set up encryption on such a disk, an "attacker" would be able to distiguish
between used and unused disk blocks.

This can be prevented by initially filling the disk with random data.
Thanks for the explanation.

rossum

Page 1 of 1 All times are GMT - 5 Hours The time now is Sat Sep 06, 2008 1:16 am Science Forum Index