
FileVault 2 uses the Advanced Encryption Standard (AES) encryption algorithm, which delivers robust protection for stored data. Until mid-2013, it only supported the use of 128-bit keys, not 256-bit keys. Although 128-bit keys are technically acceptable in many environments, organizations are rapidly moving toward 256-bit keys to thwart emerging threats.

Source: https://searchsecurity.techtarget.com/feature/Apple-FileVault-2-Full-disk-encryption-software-overview

Wouldn't a stream algorithm be faster and easier to handle? Won't the usage of a block cipher consume more disk space? Is there an instruction set in modern CPUs for streaming encryption algorithms as there is for block algorithms?

Thanks

1 Answer

A filesystem has to support all common use cases efficiently.

Now consider the case of a database file. (For example, one that uses SQLite.) It is common to know where your record is, to open up your file, seek to that place, read that record, possibly rewrite it, then close your file. With a block based algorithm that's just a question of loading the correct block, decrypting it, returning it, and then encrypting it on the way back. With a stream based algorithm you would need to read the whole database file to understand that part of the file, and would need to rewrite the whole database file again to modify a bit in the middle.

Therefore stream based algorithms would be horribly inefficient for this use case, while block based algorithms work well.

Incidentally as long as the encryption key is external to the block, a block based algorithm will have very little space overhead. Or, more precisely, will force you to round your file sizes up to the last block.

btilly
  • Hello @btilly and thanks! In order to achieve what you are mentioning, wouldn't it require having a parallelizable algorithm mode such as ECB, which I know is considered insecure (because if I can easily extract a block, decipher it, edit it, re-cipher it and put it back where it was, then an attacker could easily guess my encryption key by analyzing some repeating blocks)? EDIT: maybe I misunderstood: were you talking about disk blocks instead of cipher blocks? Is any single disk block encrypted using something like CBC? – Alessandro D'Armiento Sep 25 '18 at 15:05
  • @AlessandroD'Armiento I don't believe that it needs to be parallelizable. But there are other considerations. See https://en.wikipedia.org/wiki/Disk_encryption_theory for some of them, as well as confirmation that streaming won't work. – btilly Sep 25 '18 at 16:28
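
To illustrate the answer's point about seeking into the middle of a file, and the comment's question about disk blocks, here is an added Go example (not code from the post or from FileVault) that encrypts a simulated disk sector by sector and rewrites one record in place. It uses AES-CBC with an ESSIV-style per-sector IV as a standard-library stand-in for the tweakable modes that production disk encryption uses. The 512-byte sector size, the function names and the all-zero key are assumptions, and a record is assumed not to straddle a sector boundary.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)
const sectorSize = 512 // assumed sector size; a multiple of the 16-byte AES block

// cryptSector runs AES-256-CBC over one sector in place. The ESSIV-style IV depends
// on the sector number, so equal plaintext sectors give different ciphertext (unlike ECB).
func cryptSector(key [32]byte, buf []byte, sector int, encrypt bool) {
	salt := sha256.Sum256(key[:])
	ivCipher, _ := aes.NewCipher(salt[:]) // 32-byte keys: NewCipher cannot fail
	block, _ := aes.NewCipher(key[:])
	iv := make([]byte, aes.BlockSize)
	binary.LittleEndian.PutUint64(iv, uint64(sector))
	ivCipher.Encrypt(iv, iv) // IV = AES(SHA-256(key), sector number)
	mode := cipher.NewCBCDecrypter(block, iv)
	if encrypt {
		mode = cipher.NewCBCEncrypter(block, iv)
	}
	mode.CryptBlocks(buf, buf)
}

// WriteRecord patches a record inside one sector; no other sector is read or written.
func WriteRecord(disk []byte, key [32]byte, offset int, data []byte) {
	s := offset / sectorSize
	sec := disk[s*sectorSize : (s+1)*sectorSize]
	cryptSector(key, sec, s, false)
	copy(sec[offset%sectorSize:], data)
	cryptSector(key, sec, s, true)
}

// ReadRecord decrypts a copy of the single sector that holds the record.
func ReadRecord(disk []byte, key [32]byte, offset, n int) []byte {
	s := offset / sectorSize
	sec := append([]byte(nil), disk[s*sectorSize:(s+1)*sectorSize]...)
	cryptSector(key, sec, s, false)
	return sec[offset%sectorSize:][:n]
}

func main() {
	var key [32]byte                   // constructed all-zero demo key
	disk := make([]byte, 8*sectorSize) // any 512 bytes form a valid ciphertext sector
	WriteRecord(disk, key, 5*sectorSize+100, []byte("balance=42"))
	fmt.Printf("%q\n", ReadRecord(disk, key, 5*sectorSize+100, 10))
}
```

The image stays exactly eight sectors long after the write, which is the "very little space overhead" the answer describes: the ciphertext is the same size as the plaintext, rounded to whole sectors.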