Thanks Dejan and Siggi!
Well, about Dejan’s answer: I know how to manipulate additional pages
during paging IO but my original question was how to avoid it (mainly).
Moreover for RDR files I’ve already use similar technique. But I’ve hope
to get answer like Siggi: looks like it’s the way! I want to hear about
security in this case also.
Also, yesterday I’ve came to the padding solution but it requires per
file keeping these paddings. Not very good for us now - by reason Siggi
also noticed at the end.
So, last unclear for me here is why Dejan tell me that using of (CTR,
CFB, OFB, and even CTS…) requires additional page manipulation
efforts? Why we can’t do encryption on a 4K basis - each page
independently, but with using pointed out encryption mode on the stream
data for each page? I.e. use page size div block size as usual and left
data with previous block(s), actually?
And what’s exact name for such encryption mode in the list of (CTR, CFB,
OFB, and even CTS) ? ![:slight_smile: :slight_smile:](/images/emoji/twitter/slight_smile.png?v=12)
Reg?rds,
Valery Boronin
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Sigurdur
Asgeirsson
Sent: Wednesday, July 09, 2003 7:44 AM
To: File Systems Developers
Subject: [ntfsd] RE: paging IO and 192-bit (or any non-aligned on page
size) encryption
Hi,
I guess one way to do this (and I believe this was related to me by
David J. Craig [xxxxx@yoshimuni.com] - errors mine) is to handle the
tail of the page by double-encrypting the last few bytes before the
tail. The algorithm is to do your regular encryption on the (PageSize
div BlockSize) blocks, then handle the last BlockSize bytes by
encrypting them in a separate pass. On decryption, you reverse the
process by decrypting the trailing BlockSize bytes first, then do the
page from start to end. This does however beg a question for me: is it
in general safe to handle the last page of a file as a full page or
sector, and encrypt it as such, irrespective of the write length? I
guess the answer may vary between FSDs, and even for different
blocksizes with the same FSD? If this isn’t safe, then there’s another
boundary case which occurs when the entire length of the file is less
than the BlockSize. This is somewhat more difficult to solve since you
need extra storage of up to (BlockSize - 1) bytes, in order to be able
to store the full encrypted block.
Siggi
-----Original Message-----
From: Valery Boronin [mailto:xxxxx@gorodok.net]
Sent: Tuesday, July 08, 2003 1:15 AM
To: File Systems Developers
Subject: [ntfsd] paging IO and 192-bit (or any non-aligned on page size)
encryption
Hi, all!
All of us knows how important to support paging IO with minimal efforts
to don’t reduce whole OS perfomance By this reasons in the encryption
filters usually uses page size-aligned security algorithms like 128- or
256-bit AES, twofish, blowfish, etc. But what about 3DES (triple-DES)
which is 192-bit and has inner block size 3*8-24 byte (thus we’ve got
problems with doing transparent encryption/decryption paging IO -
4096/24 not divided without remainder).
So, to properly encypt/decrypt headers/trailers of each 4K (usually)
page, we have to read/write adjacent 0-2 pages (prev & next, if exists),
but this leads significant overheads during paging IO (roll our own
subrequests, etc.), it seems to me. Is there another ways to solve this?
I don’t know, but may be there is solution to align 192-bit security
algorithm to the page size boundary (using some encryption mode CBC,…
don’t remember)?
Who faced this problem before or/and knows possible solution, please,
share it with me
Reg?rds,
Valery
You are currently subscribed to ntfsd as: xxxxx@greenborder.com To
unsubscribe send a blank email to xxxxx@lists.osr.com
You are currently subscribed to ntfsd as: xxxxx@plesk.ru
To unsubscribe send a blank email to xxxxx@lists.osr.com