[dm-crypt] Switch to XTS mode for LUKS in cryptsetup in 1.6.0 (Was Re: [ANNOUNCE] cryptsetup 1.6.0-rc1)
arno at wagner.name
Fri Jan 4 17:17:03 CET 2013
On Fri, Jan 04, 2013 at 12:50:04PM +0100, Milan Broz wrote:
> On 12/29/2012 10:40 PM, Milan Broz wrote:
> > The testing release candidate cryptsetup 1.6.0-rc1 is available at
> > http://code.google.com/p/cryptsetup/
> > Feedback and bug reports are welcomed.
> > Cryptsetup 1.6.0 Release Notes (RC1)
> I am going to do one more important change to final 1.6.0:
> change LUKS _default_ cipher to aes-xts-plain64 with 512bits key.
I think this is a very good idea.
> Most of recent disk encryption systems switched already to XTS mode,
> also it is preferred by standards (and we are using it for very long
> time in Fedora/RHEL during installations.)
> Distro maintainers can always overwrite this during compilation time,
> and user can use -c aes-cbc-essiv:sha256 -s 256 to old mode always.
> (Plain mode have to stay with CBC, change would cause compatibility problems.)
> Any serious objections to not do that now?
> dm-crypt mailing list
> dm-crypt at saout.de
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno at wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell
More information about the dm-crypt