README (1373B)
1 xts implements the AES-XTS cipher mode as defined in the IEEE Std 1619-2007. 2 3 AES-XTS is an unauthenticated transparent encryption scheme designed for use 4 cases like disk encryption. Transparent in the sense that the output size is the 5 same as the input size, and that blocks can be written or read in an arbitrary 6 order. Similarly to the ECB mode, XTS operates in blocks which are a multiple of 7 the AES block size. 8 9 The security guarantees can be compared to the ECB ones, but with a different 10 key for each block. That means following vulnerabilities exist: 11 12 - Traffic analysis: An observer can see when a certain block is written back to 13 disk with a different value. 14 - Replay: An adversary may change a block back to an old value, if write access 15 is available. 16 - Changing sectors: Changing of the cipher text will result in "random" plain 17 text. Authentication or error detection can be done before encryption, to 18 resist such attacks. 19 20 This is a low-level module which implements cryptographic primitives. Direct use 21 of cryptographic primitives is not recommended for non-experts, as incorrect use 22 of these primitives can easily lead to the introduction of security 23 vulnerabilities. Non-experts are advised to use the high-level operations 24 available in the top-level [[crypto::]] module. 25 26 Be advised that Hare's cryptography implementations have not been audited.