Skip to content

AppendixV: add more information about using CBC mode #2887

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

AppendixV: add more information about using CBC mode #2887

wants to merge 1 commit into from

Conversation

randomstuff
Copy link
Contributor

Fixes #2494

@tghosth tghosth added 6) PR awaiting review AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine. labels Apr 6, 2025
jmanico
jmanico reviewed Apr 12, 2025
View reviewed changes
Copy link
Member

@jmanico jmanico left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

disk encryption is a bit out of our scope in ASVS, suggest removing it.

@randomstuff
Copy link
Contributor Author

disk encryption is a bit out of our scope in ASVS, suggest removing it.

If we do that, we should remove the lines about XTS, XEX and LRW modes. In this case, I would still include a note saying:

  • Disk encryption is considered out of scope for the ASVS. Therefore this appendix does not list any approved method for disk encryption. For this usage, encryption without authentication is usually accepted and the XTS, XEX and LRW modes are typically used.

@jmanico
Copy link
Member

jmanico commented Apr 22, 2025

disk encryption is a bit out of our scope in ASVS, suggest removing it.

If we do that, we should remove the lines about XTS, XEX and LRW modes. In this case, I would still include a note saying:

  • Disk encryption is considered out of scope for the ASVS. Therefore this appendix does not list any approved method for disk encryption. For this usage, encryption without authentication is usually accepted and the XTS, XEX and LRW modes are typically used.

I think that is a good solution

@randomstuff
Copy link
Contributor Author

randomstuff commented Apr 22, 2025
edited
Loading

@danielcuthbert and @unprovable, any feedback on that? If not, I'll update the PR accordingly.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmanico jmanico jmanico left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
6) PR awaiting review AppendixV Appendix with crypto details _5.0 - Not blocker This issue does not block 5.0 so if it gets addressed then great, if not then fine.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Cryptography - Received comments about CBC
3 participants
@randomstuff @jmanico @tghosth