![]() |
FreeOTFE |
IV Generation Method |
Description |
---|---|
Null IV |
No IV is used/a null IV is used. i.e. A block of data consisting of with 0x00 (null) characters is used as the IV |
32 bit sector ID |
The least significant 32 bits of the sector ID is right-padded with 0x00 characters, and used as the IV. These bits are ordered MSB..LSB. |
64 bit sector ID |
As the 32-bit sector ID method, but a 64 bits sector ID is used. Note: This is unlikely to offer any security advantage over using 32 bit sector IDs, unless used with a volume file ((2^32) * 512) bytes long (2048GB), or greater |
Hashed 32 bit sector ID |
The least significant 32 bits of the sector ID is hashed with the user's choise of hash algorithm. The resulting hash value will be truncated/right padded with 0x00 characters until it is the same length as the cypher's blocksize. |
Hashed
64 bit sector ID |
As the hashed 32-bit sector ID method, but a 64 bits sector ID is used. Note: This is unlikely to offer any security advantage over using 32 bit sector IDs, unless used with a volume file ((2^32) * 512) bytes long (2048GB), or greater |
ESSIV | This option offers the most security. On mounting the FreeOTFE volume, the master key used for encrypting/decrypting the volume is hashed with the hash algorithm chosen by the user when the volume was created. If the cypher used for encryption/decryption has a fixed keysize, this hash output is truncated/right padded with 0x00 characters until it matches the cypher's keysize and stored as the "ESSIV key" (or "salt"). If the cypher doesn't have a fixed keysize, the full hash output is stored as this key ("salt"). When a per-sector IV is required, the 64 bit sector ID is encrypted using the "ESSIV key". This encrypted sector ID is truncated/right-padded with 0x00 characters until it matches the cypher's blocksize. |
Sector ID = (Ostart - Soffset) % Ssizewhere:
Ostart |
The offset within the host volume/partition from where the encrypted partition begins (i.e. after any CDB) |
Soffset |
The offset from within the encrypted partition from where the sector begins |
Ssize |
The sector size of the emulated drive (i.e. 512 bytes) |
% |
is the modulus operator |