[dm-crypt] Switch to XTS mode for LUKS in cryptsetup in 1.6.0 (Was Re: [ANNOUNCE] cryptsetup 1.6.0-rc1)

Arno Wagner arno at wagner.name
Fri Jan 4 17:17:03 CET 2013


On Fri, Jan 04, 2013 at 12:50:04PM +0100, Milan Broz wrote:
> On 12/29/2012 10:40 PM, Milan Broz wrote:
> > The testing release candidate cryptsetup 1.6.0-rc1 is available at
> > 
> >    http://code.google.com/p/cryptsetup/
> > 
> > Feedback and bug reports are welcomed.
> > 
> > Cryptsetup 1.6.0 Release Notes (RC1)
> 
> 
> I am going to do one more important change to final 1.6.0:
> change LUKS _default_ cipher to aes-xts-plain64 with 512bits key.

I think this is a very good idea.

Arno
 
> Most of recent disk encryption systems switched already to XTS mode,
> also it is preferred by standards (and we are using it for very long
> time in Fedora/RHEL during installations.)
> 
> Distro maintainers can always overwrite this during compilation time,
> and user can use -c aes-cbc-essiv:sha256 -s 256 to old mode always.
> 
> (Plain mode have to stay with CBC, change would cause compatibility problems.)
> 
> Any serious objections to not do that now?
> 
> Milan
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

-- 
Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell


More information about the dm-crypt mailing list