1

I have a twofold question, first when choosing between AES-CBC and AES-XTS which is more secure. From my reading XTS is more secure in some respects but not in others when compared to CBC. Second are both modes FIPS 140-2 approved? Related to that question if I am using BitLocker on a virtual machine volume with no TPM, only a password would that still be covered? I looked at the following but it didn't really give an answer.

Is BitLocker on a virtual machine FIPS 140-2 security level 1 compliant?

Thorin
  • 111
  • 2
  • XTS and CBC are NIST approved modes of operation for AES. I would link to their documentation but it seems like due to the US government shutdown, parts of the NIST website (csrc) are inoperable. – vcsjones Jan 22 '18 at 21:33
  • Yeah I ran into the same issue with the links not working, I used Google cache to view them. Still not sure which is "better" or if they would work in a VMware environment or if I would need an external key management server. – Thorin Jan 22 '18 at 22:00

1 Answers1

1

According to Microsoft Bitlocker is FIPS 140-2 approved when used with AES-256 without the elephant diffuser enabled. The elephant diffuser is designed to prevent CBC bit-flipping attacks: rather than a bit flip affecting one bit in the subsequent block, it would affect more (50% on average, IIRC). NIST CSRC also lists both CBC and XTS modes as FIPS 140-2 approved, though it's not clear if this applies to all of Bitlocker.

David
  • 15,814
  • 3
  • 48
  • 73
  • Thanks, I read something about FIPS wanting the keys stored off the server in some KMS or something else vs on the server using password only? Since its a VMware guest it doesn't have a TPM so I would need to use some kind of virutal TPM or similar to get the key off the system. – Thorin Jan 23 '18 at 21:17