For file encryption, use GPG or some other tool designed for that, not disk encryption software.

Disk encryption software is necessarily weaker than file encryption software, because it has the requirement that you can't add any bytes: if you read a sector, it has to give you an entire sector, because filesystems expect 512-byte (or a multiple) sectors, not 480-byte or 496-byte sectors. So there's no room for an IV or, more importantly, a MAC or other authentication tag. (If you dedicate an entire sector to them, you're either wasting a large fraction of space, or requiring that you read a large number of sectors to calculate that MAC before you return anything.) This means that the files can potentially be tampered with, and it also increases the risk of attacks when you modify a few bytes in a file.
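The size constraint described above, as an added example that is not from the original post: a length-preserving sector transform has nowhere to store a tag, so a changed byte decrypts without any error, while a file format that is allowed to grow by a nonce and a MAC rejects the same change. The keystream built from HMAC-SHA256 is a toy stand-in chosen so the code runs with the standard library only; it is an assumption of this example, not the cipher of any disk encryption product, and all function names are hypothetical.

```python
import hashlib
import hmac
import os

SECTOR = 512  # sector size used in the text


def keystream(key: bytes, label: bytes, n: int) -> bytes:
    """Toy keystream: HMAC-SHA256(key, label || counter). Stand-in cipher."""
    out = b""
    counter = 0
    while len(out) < n:
        block = label + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return out[:n]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def sector_crypt(key: bytes, sector_no: int, data: bytes) -> bytes:
    """Length-preserving: 512 bytes in, 512 bytes out (encrypt == decrypt)."""
    if len(data) != SECTOR:
        raise ValueError("a sector must be exactly 512 bytes")
    label = b"sector" + sector_no.to_bytes(8, "big")
    return xor_bytes(data, keystream(key, label, SECTOR))


def file_encrypt(enc_key: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: output is nonce (16) + ciphertext + tag (32)."""
    nonce = os.urandom(16)
    ct = xor_bytes(plaintext, keystream(enc_key, nonce, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def file_decrypt(enc_key: bytes, mac_key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication tag mismatch: data was modified")
    return xor_bytes(ct, keystream(enc_key, nonce, len(ct)))


def flip_byte(data: bytes, index: int) -> bytes:
    """Simulate on-disk modification of a single stored byte."""
    return data[:index] + bytes([data[index] ^ 0xFF]) + data[index + 1:]
```

Passing `flip_byte(ciphertext, i)` back through `sector_crypt` returns 512 bytes of altered plaintext with no error, whereas `file_decrypt` on a flipped blob raises `ValueError`. The authenticated output is 48 bytes longer than its input, which is exactly the room a sector does not have.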