Questions tagged [xts]

Question 1

If I understand correctly, XEX/XTS use a second key to create a "tweak" XORed with the plaintext before and after encryption. The tweak input starts with the encrypted sector number, but is ...

Question 2

When you have a tweakable block cipher such as Threefish and your objective is full disk encryption: Is XTS mode unnecessary? Do you just use the block-length data address (sector + offset, etc) as ...

Question 3

In Android, Adiantum is an alternative to AES-XTS for devices without AES instructions. I cannot understand the reason for why such a convoluted scheme was chosen. There are 128-bit ARX block ciphers ...

Question 4

As an example could be XTS with a 512-bit key that treats the key as one 128-bit key and one 348-bit key. As to why I'm asking it's because XTS runs on one large key that it treats like two keys. ...

Question 5

I am struggling with using Microsoft's BCrypt library in AES-XTS mode. I've confirmed that the Cipher Block Size is 16 bytes (by getting the BCRYPT_BLOCK_LENGTH property). I'm setting the Data Unit ...

Question 6

As far as I understand, the biggest problem of requesting authentication in disk encryption is that the plaintext and ciphertext are not having the same size -because of tag-. The XTS mode is already ...

Question 7

Recently, I've been working on disk encryption. I started with the AES-XTS mode which is the standard for this purpose and tried to understand the concept of disk encryption in general. I know that ...

Question 8

https://en.wikipedia.org/wiki/Disk_encryption_theory Why do we use XTS over CTR for disk encryption? If we used ChaCha20 (without authentication) by simply encrypting each disk sector with the same ...

Question 9

Let's suppose I encrypt something with AES-256 in XTS mode two times (there will be 4 four keys, 2 for each encryption operation), wanting to achive 512-bits of security. Will this scheme be ...

Question 10

https://en.wikipedia.org/wiki/Disk_encryption_theory#Xor%E2%80%93encrypt%E2%80%93xor_(XEX) reads: The standard supports using a different key for the IV encryption than for the block encryption; this ...

Question 11

This question is similar to Can XEX or XTS modes be used with only one tweak? except I am interested to know if one can instead use $X = E_{k}(0) \otimes \alpha^j \\ C = E_{k}(P \oplus X) \oplus X$ in ...

Question 12

XTS is suitable for disk encryption while GCM doesn't. Both require the same number of block encryption calls. Both are parallel in encryption and decryption. XTS is actually even faster in openssl ...

Question 13

From Wikipedia: XTS mode is susceptible to data manipulation and tampering, and applications must employ measures to detect modifications of data if manipulation and tampering is a concern: "......

Question 14

Often when I stumble across something interesting, I lose myself in the most overkill ways of implementing it. Today it was full disk encryption: I'm about to move to QubesOS, and I want to secure my ...

Question 15

My understanding about XEX/XTS mode is limited. But from what I see, it has two good properties: It is length-preserving so that encryption doesn't cost additional space. It is deterministic, which is ...

Stack Exchange Network

Questions tagged [xts]

XTS/XEX mode encrypt/decrypt on partial sector

Tweakable block cipher & XTS for FDE?

Why was Adiantum chosen over an ARX block cipher in XTS mode?

Is it possible for XTS to use two different key sizes?

Required Block Size for XTS Using MSFT CNG

Disk encryption and advanced format

Authenticated Encryption with Length Expansion for Storage Devices

Why is using ChaCha20 for disk encryption insecure?

Is multiple encryption with XTS mode susceptible to Meet-in-the-middle attacks?

Is it OK to use a doubled key for XTS-AES?

Can XEX or XTS modes be used with only one tweak? (part 2)

Is XTS always better than GCM?

Should I be worried about XTS tampering when encrypting backups using VeraCrypt?

EAX vs CTR vs XTS + cascade ciphers in disk encryption hell

Is XEX/XTS good for deterministic file encryption?

Hot Network Questions