Cryptography/full-disk encryption

Most modern operating systems support full-disk encryption (FDE): a small boot area is left unencrypted (and never changes), containing the code that asks for a password and uses it to decrypt and run the rest of the operating system. The entire rest of the disk is always encrypted -- every write to the disk is intercepted by the operating system and encrypted before it reaches the media, so nothing is ever stored on the disk in the clear.

Even if the entire computer is stolen, the data is useless without the password.

As of 2020, the latest FDE software running on modern server hardware is fast enough that the latency is indistinguishable from not using encryption at all.[1]


Implementation

Even-Mansour block ciphers

Even-Mansour block ciphers are very simple: given a block of data, XOR it with a key, apply a publicly known permutation, then XOR the result with a key again. Many cryptographers have studied this construction and some variants of it.[2]

As of 2014, the de facto standard disk encryption mode for full-disk encryption (FDE) is a specific variant called XEX-based tweaked-codebook mode with ciphertext stealing (XTS). It is a good fit for full-disk encryption, but authenticated encryption has several advantages over XTS in almost any other application.[3]
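A toy illustration of both constructions above, added here and not taken from the page or any real implementation: a two-key Even-Mansour cipher built around a made-up 64-bit add-rotate-xor permutation, plus the XEX-style sector tweak that XTS layers on top of a block cipher so that identical plaintext blocks in different positions encrypt differently. The permutation, its round constants, and the GF(2^64) reduction polynomial are assumptions chosen for the example; real XTS uses AES on 128-bit blocks and adds ciphertext stealing, which is omitted here.

```python
# Toy Even-Mansour block cipher plus an XEX-style sector tweak.
# The ARX permutation and its constants are made up for this example (hypothetical).
MASK64 = (1 << 64) - 1
ROUNDS = [(0x9E3779B97F4A7C15, 13, 0xA5A5A5A5A5A5A5A5),
          (0xBF58476D1CE4E5B9, 29, 0x3C3C3C3C3C3C3C3C),
          (0x94D049BB133111EB, 41, 0x0F0F0F0F0F0F0F0F),
          (0xD6E8FEB86659FD93, 7,  0xF0F0F0F0F0F0F0F0)]

def rotl(x, r):
    return ((x << r) | (x >> (64 - r))) & MASK64

def rotr(x, r):
    return ((x >> r) | (x << (64 - r))) & MASK64

def perm(x):
    """Public, unkeyed permutation P: add-rotate-xor rounds, each step invertible."""
    for add, rot, xor in ROUNDS:
        x = rotl((x + add) & MASK64, rot) ^ xor
    return x

def perm_inv(y):
    """P^-1: undo the rounds in reverse order."""
    for add, rot, xor in reversed(ROUNDS):
        y = (rotr(y ^ xor, rot) - add) & MASK64
    return y

def em_encrypt(k1, k2, block):
    """Even-Mansour: C = P(M xor K1) xor K2. Only K1 and K2 are secret; P is public."""
    return perm(block ^ k1) ^ k2

def em_decrypt(k1, k2, block):
    return perm_inv(block ^ k2) ^ k1

def gf64_mul_alpha(t):
    """Multiply by x in GF(2^64), reducing by x^64 + x^4 + x^3 + x + 1 (assumed here)."""
    t <<= 1
    if t >> 64:
        t = (t & MASK64) ^ 0x1B
    return t

def xex_encrypt_sector(k1, k2, kt, sector, blocks):
    """XEX tweak as in XTS: T_j = alpha^j * E_kt(sector); C_j = E(P_j ^ T_j) ^ T_j.
    Whole blocks only; XTS's ciphertext stealing for a partial last block is omitted."""
    tweak = em_encrypt(kt, kt, sector)  # single-key EM under the separate tweak key
    out = []
    for block in blocks:
        out.append(em_encrypt(k1, k2, block ^ tweak) ^ tweak)
        tweak = gf64_mul_alpha(tweak)
    return out

def xex_decrypt_sector(k1, k2, kt, sector, blocks):
    tweak = em_encrypt(kt, kt, sector)
    out = []
    for block in blocks:
        out.append(em_decrypt(k1, k2, block ^ tweak) ^ tweak)
        tweak = gf64_mul_alpha(tweak)
    return out
```

Encrypting the same block three times within one sector yields three different ciphertexts, and the same blocks in a different sector yield different ciphertexts again, which is the property that lets FDE encrypt each sector independently without revealing repeated content.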

  1. Ignat Korchagin. "Speeding up Linux disk encryption". 2020.
  2. JP Aumasson. "Lazy crypto reloaded".
  3. "You Don't Want XTS". 2014.