[dm-crypt] Using GCM mode with dm-crypt?

Arno Wagner arno at wagner.name
Fri Dec 31 15:29:06 CET 2010

Are you sure it is faster? Looks slower to me, especially as
paralellism in disk encryption should be done on sector-level

Also, it seems to require additional authentication data 
(the Tag t), which makes it unsuitable for 1:1 sector 


On Fri, Dec 31, 2010 at 02:14:14PM +0300, Igor Novgorodov wrote:
> From  what  i've  read  this  mode  is  faster  than  CBC  due to some
> parallelism,   and   it's   accelerated   by   newer   Intel's  PCLMUL
> instructions.
> But it seems that AES/GCM mode is used only with IPSEC and such.
> Is there any particular reason we cannot use it with disk encryption?
> -- 
> ? ?????????,
>  Igor                          mailto:igor at novg.net
> _______________________________________________
> dm-crypt mailing list
> dm-crypt at saout.de
> http://www.saout.de/mailman/listinfo/dm-crypt

Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

More information about the dm-crypt mailing list