Truecrypt hidden volumes9/4/2023 Obviously, the issue isn't a distinguishability attack against the cipher itself, but with how XTS is being used. A fundamental flaw in XTS would require far more expertise and would be the sort of thing reported in a groundbreaking research paper, not in an email thread to the author of a single encryption product which uses XTS. Typically, disclosures done in this manner tend to be disclosures of software vulnerabilities which can be found without a large amount of skill. I cannot imagine how the design of XTS could lead to that behavior. My personal opinion is that the presence of 255 consecutive blocks of zeros encrypted by XTS next to a single block different from zero is the key point behind this issue, and that this enables somehow to have a statistical distinguisher for this special case. I think it could be at least worth investigating why a block of XTS encrypted zeros could be distinguished from an XTS encrypted header, or random data.Īnd another post with speculation on an issue with XTS: a 1 GB file of zeros), or plaintext chosen by or known to the attacker? Could they possibly also be detected in the ciphertext? If even a rather short block of encrypted zeros can be distinguished from random data, what about larger chunks of plaintext which show distinctive patterns (e.g. I'm somewhat worried about the possibility to distinguish encrypted data from uniformly distributed random data in general, because this could possibly hint some issue with the ciphers or their usage. A post in that thread explains my concern: When there is no hidden volume, it is initialized with zeros and encrypted. When a hidden volume is in use, the area where the header for the hidden volume is populated and encrypted. The fix was to use random data rather than zeros for the plaintext of the hidden volume header. According to a thread on the VeraCrypt discussion forum, and a single-post followup, it is possible to detect the presence of a hidden volume in certain conditions due to a flaw in the cryptography or the way it is used, rather than a flaw in the software implementation.
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |