Hacker News new | comments | show | ask | jobs | submit login

Is it a realistic threat though? You're not supposed to use your device after it has been compromised. If you don't _know_ your device has been compromised you are totally fucked anyway.

Yes, thread model for full disk encryption is defined for an attacker that has ability to read the encrypted contents of disk at any point in time.

CTR mode is also malleable at bit level, while XTS is less so (this matters when an attacker can modify the encrypted contents).

What if you're using a hosting provider and using full-disk encryption to stop the hosting provider from having access to your data by yanking the drives?

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact