Opened at 2019-07-25T13:26:42Z
Last modified at 2019-07-25T13:59:36Z
#3230 new defect
Consider switching from AES CTR to AES XTS
Reported by: | exarkun | Owned by: | |
---|---|---|---|
Priority: | normal | Milestone: | undecided |
Component: | code | Version: | n/a |
Keywords: | Cc: | ||
Launchpad Bug: |
Description
After discussion with #cryptography-dev about random access AES CTR support in the cryptography library, it sounds like a better move would be for Tahoe-LAFS to switch this primitive to AES XTS instead. AES XTS is designed with random access in mind.
Obviously there are more factors to consider than *just* ease of random access. The outcome of this ticket should be an enumeration and consideration of all such factors along with a decision about whether they indicate sticking with AES CTR or switching to AES XTS.
Change History (2)
comment:1 Changed at 2019-07-25T13:34:00Z by exarkun
comment:2 Changed at 2019-07-25T13:59:36Z by exarkun
ticket:266 was the immediate motivation for this ticket, by the way.
Somewhere, likely, there should also be a task to survey more recent cryptographic tools that might serve here. AES XTS (or, I guess, "XTS-AES") was standardized 12 years ago. I have done no investigation to determine how well or poorly it has aged.