On Mon, Apr 23, 2012 at 8:16 AM, MauMau <maumau...@gmail.com> wrote:
> Hello,
>
> Thanks a lot for your valuable advice. I'm looking into the CBC with IVs
> based on block numbers, CTR, and XTS. I'm referring to the pages below:
>
> Block cipher modes of operation
> http://en.wikipedia.org/wiki/Block_cipher_mode
>
> Disk encryption theory
> http://en.wikipedia.org/wiki/Disk_encryption_theory

You should have a look at Microsoft's paper by Niels Ferguson on BitLocker's design and implementation. It's a very practical and approachable paper. It seems to me your problem domain has a lot of overlap with BitLocker's requirements.

Microsoft did get thrown a bone on authentication. That is, the CPU is an arbitrator. If an adversary tampers with a file on disk, the diffuser layer will perform adequate mixing so that the instructions executed by the CPU will eventually brick the operating system.

"AES-CBC + Elephant diffuser: A Disk Encryption Algorithm for Windows Vista,"
http://download.microsoft.com/download/0/2/3/0238acaf-d3bf-4a6d-b3d6-0a0be4bbb36e/BitLockerCipher200608.pdf

Jeff
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           majord...@openssl.org
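The point Jeff makes about the diffuser (and the reason plain CBC with per-sector IVs is not enough on its own) can be seen in a small model. The following is an added example written for this archive; it is not code from the thread, from OpenSSL or from BitLocker. It stands in a toy 8-round Feistel cipher (SHA-256 round function, not secure) for AES, derives each sector's IV ESSIV-style from the sector number, and uses a simple add-rotate pass over 32-bit words as a stand-in for the Elephant diffuser. It then flips one bit in a ciphertext sector and reports which 16-byte plaintext blocks come back changed: with CBC alone the damage stays in two adjacent blocks, with the diffuser it covers the whole sector. The key and sector contents are constructed for the demo.

```python
"""Toy model of sector encryption with and without a diffuser layer (added example)."""
import hashlib
import struct

BLOCK = 16             # block-cipher block size in bytes
SECTOR = 512           # one disk sector
MASK32 = 0xFFFFFFFF
KEY = b"constructed-16-byte-key!"[:16]   # constructed demo key, not a real one


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, half, rnd):
    # toy Feistel round function: keyed SHA-256 truncated to 8 bytes
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_encrypt_block(key, block):
    """Stand-in for AES: an 8-round Feistel network over 16-byte blocks (NOT secure)."""
    l, r = block[:8], block[8:]
    for rnd in range(8):
        l, r = r, _xor(l, _f(key, r, rnd))
    return l + r


def toy_decrypt_block(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(8)):
        l, r = _xor(r, _f(key, l, rnd)), l
    return l + r


def sector_iv(key, sector_no):
    """ESSIV-style IV: encrypt the sector number under a key derived by hashing the data key."""
    iv_key = hashlib.sha256(key).digest()[:16]
    return toy_encrypt_block(iv_key, struct.pack("<QQ", sector_no, 0))


def cbc_encrypt_sector(key, sector_no, plain):
    assert len(plain) == SECTOR
    prev = sector_iv(key, sector_no)
    out = bytearray()
    for i in range(0, SECTOR, BLOCK):
        prev = toy_encrypt_block(key, _xor(plain[i:i + BLOCK], prev))
        out += prev
    return bytes(out)


def cbc_decrypt_sector(key, sector_no, cipher):
    prev = sector_iv(key, sector_no)
    out = bytearray()
    for i in range(0, SECTOR, BLOCK):
        blk = cipher[i:i + BLOCK]
        out += _xor(toy_decrypt_block(key, blk), prev)
        prev = blk
    return bytes(out)


def _rotl(x, n):
    return ((x << n) | (x >> (32 - n))) & MASK32


def mix(data):
    """Toy diffuser in the decryption direction: one forward and one backward
    add-rotate pass over 32-bit words, so a change in any word reaches every word."""
    w = list(struct.unpack("<%dI" % (len(data) // 4), data))
    for i in range(1, len(w)):
        w[i] = (w[i] + _rotl(w[i - 1], 9)) & MASK32
    for i in range(len(w) - 2, -1, -1):
        w[i] = (w[i] + _rotl(w[i + 1], 13)) & MASK32
    return struct.pack("<%dI" % len(w), *w)


def unmix(data):
    """Exact inverse of mix(); applied to the plaintext before CBC encryption."""
    w = list(struct.unpack("<%dI" % (len(data) // 4), data))
    for i in range(0, len(w) - 1):
        w[i] = (w[i] - _rotl(w[i + 1], 13)) & MASK32
    for i in range(len(w) - 1, 0, -1):
        w[i] = (w[i] - _rotl(w[i - 1], 9)) & MASK32
    return struct.pack("<%dI" % len(w), *w)


def encrypt_sector(key, sector_no, plain, diffuser):
    return cbc_encrypt_sector(key, sector_no, unmix(plain) if diffuser else plain)


def decrypt_sector(key, sector_no, cipher, diffuser):
    plain = cbc_decrypt_sector(key, sector_no, cipher)
    return mix(plain) if diffuser else plain


def changed_blocks(a, b):
    """Indices of the 16-byte blocks that differ between two sectors."""
    return [i // BLOCK for i in range(0, SECTOR, BLOCK) if a[i:i + BLOCK] != b[i:i + BLOCK]]


def tamper_experiment(diffuser, byte_offset=5 * BLOCK + 3, delta=0x01):
    """Flip one ciphertext bit, decrypt, and report which plaintext blocks changed."""
    plain = bytes(range(256)) * 2      # constructed sector content
    cipher = bytearray(encrypt_sector(KEY, 7, plain, diffuser))
    cipher[byte_offset] ^= delta
    recovered = decrypt_sector(KEY, 7, bytes(cipher), diffuser)
    return changed_blocks(plain, recovered)


if __name__ == "__main__":
    print("plain CBC, blocks changed:   ", tamper_experiment(False))
    print("CBC + diffuser, blocks changed:", tamper_experiment(True))
```

Without the diffuser, CBC decryption of block k only touches ciphertext blocks k and k-1, so the flipped bit garbles block 5 and changes block 6 in exactly the flipped position; every other block of the sector decrypts intact. With the diffuser, the same flip produces a sector in which every block is different. Note that the mixing has to be strong in the decryption direction, since that is the direction in which tampered ciphertext is turned into whatever the CPU then executes; the toy `mix()` is therefore applied on decryption and its inverse on encryption. None of this is authentication: nothing detects the tampering, it only denies the attacker a localized, predictable change.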