Anyone else convinced AES-256 is not long enough a but length for full disk encryption anymore? Even the 512-bit schemes are just trying some offset-salts that, with ~10TB I worry about providing close-enough statistical significance for cryptanalysis.
With 100TB drives?! I am less worried and more… convinced its a problem.
At the current rate of development, every city will have its own space heater data center, so with all that computational power available to just any maligned local city government dignitary, you’re right to be concerned.
I have to admit, that I never looked into the technical details of full disk encryption
If I understand you correctly, they are using the same key for all the data and with larger amounts of data statistical analysis becomes feasible
Did I get this right?
Couldn’t that be solved by using a root key + salt per block/sector/file/whatever?
I’d still only need the one root key and with every block the actual encryption key changes
I was thinking about perfect forward secrecy and that was the first thing, I could come up with
But, I’m absolutely not a crypto/math guy, so probably I don’t know enough to really add something to the discussion/solution…
Anyone else convinced AES-256 is not long enough a but length for full disk encryption anymore? Even the 512-bit schemes are just trying some offset-salts that, with ~10TB I worry about providing close-enough statistical significance for cryptanalysis.
With 100TB drives?! I am less worried and more… convinced its a problem.
At the current rate of development, every city will have its own
space heaterdata center, so with all that computational power available to just any maligned local city government dignitary, you’re right to be concerned.I have to admit, that I never looked into the technical details of full disk encryption
If I understand you correctly, they are using the same key for all the data and with larger amounts of data statistical analysis becomes feasible
Did I get this right?
Couldn’t that be solved by using a root key + salt per block/sector/file/whatever?
I’d still only need the one root key and with every block the actual encryption key changes
I was thinking about perfect forward secrecy and that was the first thing, I could come up with
But, I’m absolutely not a crypto/math guy, so probably I don’t know enough to really add something to the discussion/solution…