Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

It can be. We want to move away from IV-based encryption primitives to tweak-based primitives for each individual file. This is just so more people understand how it works, especially since now XTS is a recommended standard. Right now we use a custom solution, which made sense in 2004 but now that XTS exists we can switch over.


Wait, XTS is a standard recommended for block-level disk encryption. It's not a recommendation for file encryption. The two problems are similar, but not identical; for instance, block encryption has strict requirements on ciphertext size, and requires the capability to modify ciphertexts instead of just re-encrypting. Are you sure XTS is a good idea for file encryption? Wouldn't a simple AEAD mode do the job just as well, and also provide for file integrity?




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: