Encryption Modes


Although BestCrypt supports a number of well-known strong encryption algorithms, it is important to choose the most suitable and strong encryption mode for the algorithms. When choosing a mode, a number of aspects has to be taken into account, including strength of the mode against known attacks and certain application of the algorithms. For example, if we encrypt tape devices or a network connection, we have to use encryption mode allowing us to encrypt byte-by-byte sequence. If BestCrypt must encrypt 512-bytes sectors that an operating system randomly reads from a disk, it has to use another encryption mode.

LRW Encryption Mode

BestCrypt uses LRW encryption mode with all encryption algorithms supported by the software. "LRW" is derived from the names Liskov, Rivest, Wagner - the authors of the encryption mode. The Institute of Electrical and Electronics Engineers (IEEE) has published a description of the LRW mode in IEEE P1619 document.

LRW mode is less susceptible to attack or being compromised than other current techniques such as Counter-Mode encryption or Cipher Block Chaining (CBC) encryption. The mode addresses threats such as copy-and-paste and dictionary attacks. LRW mode is specially designed for encryption of storage at the sector level.

LRW mode uses its own secret Secondary Encryption Key that is completely different from a Primary Encryption Key used by certain encryption algorithms. The size of an LRW Secondary Key is equal to the block size of the particular encryption algorithm. For example, if the block size of an AES encryption algorithm is 128 bits, the LRW mode requires a 128-bit Secondary Key.

As a result, the effective key length for the pair LRW mode + AES becomes higher than AES originally has. While the AES key length is 256 bits, LRW+AES pair uses 256+128 = 384 bits key.

Depending on your system, there can be some read /write performance degradation when using LRW. Please use the Benchmark Utility to test.

XTS Encryption Mode

BestCrypt uses XTS encryption mode with AES (Rijndael), RC6, Serpent, and Twofish encryption algorithms.

The Institute of Electrical and Electronics Engineers (IEEE) has approved XTS mode for protection of information on block storage devices according to IEEE 1619 standard released on 19th December, 2007. The IEEE 1619 document states the following for AES encryption algorithm used as subroutine in XTS mode:

"XTS-AES is a tweakable block cipher that acts on data units of 128 bits or more and uses the AES block cipher as a subroutine. The key material for XTS-AES consists of a data encryption key (used by the AES block cipher) as well as a "tweak key" that is used to incorporate the logical position of the data block into the encryption. XTS-AES is a concrete instantiation of the class of tweakable block ciphers described in Rogaway article (Phillip Rogaway - author of the mode). The XTS-AES addresses threats such as copy-and-paste attack, while allowing parallelization and pipelining in cipher implementations."

XTS mode uses its own secret key (a "tweak key") that is completely different from Primary Encryption Key used by certain encryption algorithm.

For example, if block size of AES encryption algorithm is 128 bits, XTS mode requires 128-bit key. As a result, the effective key length for the pair XTS mode + AES becomes higher than AES originally has. While AES key length is 256 bits, XTS+AES pair uses 256+128 = 384 bits key.

The size of XTS key is equal to block size of the certain encryption algorithm, and IEEE 1619 standard states that it must be 128 bits or more. It is the reason why BestCrypt uses XTS mode only with encryption algorithms with block sizes not less than 128 bits.


See also: