[Boneh-crypto-course] Are we keeping up?

Jason Orendorff jason.orendorff at gmail.com
Mon Apr 9 13:08:55 CDT 2012


Where are you right now?

I just finished watching "8-4 Tweakable encryption", about disk
encryption systems.

(Incidentally I found it interesting: unless there's more to it that
Boneh didn't mention, disk encryption is not disk-wide or even
sector-wide CPA-secure. I conclude that disk encryption must be
intended for security against a very specific threat—the bad guys
physically get hold of your laptop, just once. They can't read your
data, that's the security property. And if they overwrite a particular
block, even if they correctly guess what was there, they have no way
of knowing what they've written.)

(I've been surprised to hear that again and again, the systems with
really strong security properties are not used in practice, apparently
for performance reasons. Provably secure ciphers are not used; instead
we use AES which we think is probably secure. We don't want secure
systems: we want secure-enough systems.)

-j
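
The determinism described in the message above, as an added example that is not part of the original post: a length-preserving tweakable sector cipher maps the same plaintext at the same disk position to the same ciphertext, so two snapshots of the ciphertext show which 16-byte blocks changed. The 4-round Feistel network over HMAC-SHA256 is a toy stand-in assumed here for the AES-based construction from the lecture, and all function names and sample data are hypothetical.

```python
import hashlib
import hmac

BLOCK = 16  # bytes per cipher block, the AES block size

def _f(key, tweak, rnd, half):
    # Feistel round function: HMAC-SHA256 over tweak, round number and half-block.
    return hmac.new(key, tweak + bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _tweak(sector, j):
    # The tweak is the block's position on disk: (sector number, block index).
    return sector.to_bytes(8, "little") + j.to_bytes(8, "little")

def enc_block(key, tweak, block):
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, tweak, rnd, r))
    return l + r

def dec_block(key, tweak, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, tweak, rnd, l)), l
    return l + r

def _sector(fn, key, sector, data):
    # Length-preserving: no room for an IV or MAC, so the output is deterministic.
    return b"".join(fn(key, _tweak(sector, j), data[o:o + BLOCK])
                    for j, o in enumerate(range(0, len(data), BLOCK)))

def enc_sector(key, sector, data):
    return _sector(enc_block, key, sector, data)

def dec_sector(key, sector, data):
    return _sector(dec_block, key, sector, data)

def changed_blocks(snap_a, snap_b):
    # All a keyless observer of two ciphertext snapshots learns: which blocks differ.
    return [o // BLOCK for o in range(0, len(snap_a), BLOCK)
            if snap_a[o:o + BLOCK] != snap_b[o:o + BLOCK]]

if __name__ == "__main__":
    key = b"constructed demo key"
    old = b"A" * 64                        # constructed 64-byte "sector"
    new = old[:40] + b"B" + old[41:]       # one byte edited, inside block 2
    c_old, c_new = enc_sector(key, 7, old), enc_sector(key, 7, new)
    print("blocks that differ between snapshots:", changed_blocks(c_old, c_new))
    tampered = c_old[:16] + bytes(16) + c_old[32:]   # overwrite ciphertext block 1
    print("block 1 after overwrite:", dec_sector(key, 7, tampered)[16:32].hex())
```

A single snapshot shows no such pattern, because the four identical plaintext blocks encrypt under four different tweaks; the overwritten block decrypts to bytes the writer could not have chosen without the key.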


