#3230 new defect

Consider switching from AES CTR to AES XTS

Reported by: exarkun Owned by:
Priority: normal Milestone: undecided
Component: code Version: n/a
Keywords: Cc:
Launchpad Bug:

Description

After discussion with #cryptography-dev about random access AES CTR support in the cryptography library, it sounds like a better move would be for Tahoe-LAFS to switch this primitive to AES XTS instead. AES XTS is designed with random access in mind.

Obviously there are more factors to consider than *just* ease of random access. The outcome of this ticket should be an enumeration and consideration of all such factors along with a decision about whether they indicate sticking with AES CTR or switching to AES XTS.

Change History (2)

comment:1 Changed at 2019-07-25T13:34:00Z by exarkun

Somewhere, likely, there should also be a task to survey more recent cryptographic tools that might serve here. AES XTS (or, I guess, "XTS-AES") was standardized 12 years ago. I have done no investigation to determine how well or poorly it has aged.

comment:2 Changed at 2019-07-25T13:59:36Z by exarkun

ticket:266 was the immediate motivation for this ticket, by the way.

Note: See TracTickets for help on using tickets.