Hello,

The reason to want to use XTS[1] mode is to avoid the same ciphertext being
produced for the same plaintext due to using the same initialization
vector for each page if, for example, CBC mode is used (due to the inability
to store the IV inside a page).

XTS mode can be used in Firebird if we treat pages as blocks of data
and page numbers as block numbers. This is a good fit because
everything is a page in the current on-disk file structure and page
numbers represent the on-disk position of a page.

We have implemented a prototype version of a DbCrypt plugin using
AES-XTS in this way but had to resort to some hacks to extract the page
number of the page we are currently working on.

To obtain the page number from the block of data passed to the
encrypt()/decrypt() method we are taking advantage of the following
knowledge:

- the pointer passed is always[*] pointing inside a page immediately
  after its header which contains its page number

- before passing a page for encryption/decryption the page header is
  properly initialized

- the length of data to encrypt/decrypt is a multiple of 16 bytes

[*] Not always true currently. There is a DbCrypt plugin sanity routine
that passes a 16-byte chunk to test encryption and decryption, and a
routine for calculating a digital signature which passes a chunk that is
a multiple of 16 bytes and way shorter than the minimum page size of 4096
bytes. Both of these routines can be detected from the length of the
chunk to be encoded/decoded and a dummy page number can be used.

We are proposing that XTS mode of operation be officially supported
as it provides better security than the currently implementable modes
and the required effort is small (i.e. just passing the page number as
an argument to encrypt()/decrypt()).

Regards,
Hristo Stefanov

Firebird-Devel mailing list, web interface at 
https://lists.sourceforge.net/lists/listinfo/firebird-devel
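
The page-number recovery described in the message above, sketched as an added example that is not part of the original message or of Firebird's code base. The 16-byte header with the page number at offset 12, the sentinel value, the helper names, and the premise that a real page arrives as page size minus header size are all assumptions.

```cpp
#include <array>
#include <cstddef>
#include <cstdint>
#include <cstring>

// ASSUMPTIONS (not from the message): a 16-byte page header whose last 4 bytes
// hold the page number in host byte order, and a page handed over as
// (page size - header size) bytes. Check both against the real ODS definitions.
constexpr std::size_t HEADER_SIZE = 16;
constexpr std::size_t PAGENO_OFFSET = 12;
constexpr std::size_t MIN_PAGE_SIZE = 4096;        // minimum page size named in the message
constexpr std::uint32_t DUMMY_PAGE = 0xFFFFFFFFu;  // hypothetical sentinel for non-page chunks

struct PageRef { bool ok; bool isPage; std::uint32_t pageNo; };

// data/length: the pointer and byte count handed to encrypt()/decrypt().
// Hypothetical helper: decides whether a header precedes the pointer before reading it.
PageRef resolvePage(const unsigned char* data, std::size_t length)
{
    if (!data || length == 0 || length % 16 != 0)
        return {false, false, 0};                  // breaks the 16-byte-multiple premise
    // Self-test and signature chunks are far shorter than any page; no header
    // sits in front of them, so reading backwards would be out of bounds.
    if (length < MIN_PAGE_SIZE - HEADER_SIZE)
        return {true, false, DUMMY_PAGE};
    std::uint32_t pageNo;
    std::memcpy(&pageNo, data - HEADER_SIZE + PAGENO_OFFSET, sizeof pageNo);
    return {true, true, pageNo};
}

// XTS takes the data-unit number as a 128-bit little-endian value; the page
// number plays that role here, zero-extended to 16 bytes.
std::array<unsigned char, 16> makeTweak(std::uint32_t pageNo)
{
    std::array<unsigned char, 16> t{};
    for (int i = 0; i < 4; ++i)
        t[i] = static_cast<unsigned char>(pageNo >> (8 * i));
    return t;
}

int main()
{
    unsigned char page[MIN_PAGE_SIZE] = {};        // constructed sample page
    const std::uint32_t n = 42;
    std::memcpy(page + PAGENO_OFFSET, &n, sizeof n);
    PageRef r = resolvePage(page + HEADER_SIZE, sizeof page - HEADER_SIZE);
    return (r.ok && r.isPage && makeTweak(r.pageNo)[0] == 42) ? 0 : 1;
}
```

The length check is the only thing standing between the plugin and a read of memory in front of a buffer that has no header, which is why passing the page number as an explicit argument, as the message proposes, removes the fragile part entirely.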
