[dm-crypt] Switch to XTS mode for LUKS in cryptsetup in 1.6.0 (Was Re: [ANNOUNCE] cryptsetup 1.6.0-rc1)

Ralf Ramsauer ralf at ramses-pyramidenbau.de
Fri Jan 4 12:53:26 CET 2013


On 01/04/13 12:50, Milan Broz wrote:
> On 12/29/2012 10:40 PM, Milan Broz wrote:
>> The testing release candidate cryptsetup 1.6.0-rc1 is available at
>>
>>    http://code.google.com/p/cryptsetup/
>>
>> Feedback and bug reports are welcomed.
>>
>> Cryptsetup 1.6.0 Release Notes (RC1)
>
> I am going to do one more important change to final 1.6.0:
> change LUKS _default_ cipher to aes-xts-plain64 with 512bits key.
512bits Key?
>
> Most of recent disk encryption systems switched already to XTS mode,
> also it is preferred by standards (and we are using it for very long
> time in Fedora/RHEL during installations.)
>
> Distro maintainers can always overwrite this during compilation time,
> and user can use -c aes-cbc-essiv:sha256 -s 256 to old mode always.
You mean 256bits, don't you?

-
Ralf


More information about the dm-crypt mailing list