[dm-crypt] Efficacy of xts over 1TB

David Santamaría Rogado howl.nsp at gmail.com
Thu Jul 22 16:57:43 CEST 2010


Hello,

Jonas Meurer from Debian Cryptsetup Team has send me this e-mail
address (dm-crypt at saout.de) as this is the best place for my question:

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494584#15, says about
a XTS detriment on security on large filesystems.

But in the wikipedia's discussion:
http://en.wikipedia.org/wiki/Talk:Disk_encryption_theory#Issues_with_XTS

"Issues with XTS

There is also an issue about the size of the filesystem encrypted with
the support of XTS. This is discussed here:
http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/2008-September/002265.html
—Preceding unsigned comment added by 62.2.182.207 (talk) 19:40, 1
April 2010 (UTC)

This is a misconception, since it does not apply to large filesystems
(containing many data units/sectors, which are encrypted totally
indepently), but to very large single data units, i.e.: The size of
any single data unit should not exceed 270 bytes. The data unit size
for a typical filesystem is between 512 and 64536 bytes only
(29/216).93.205.111.251 (talk) 15:37, 2 April 2010 (UTC)"


So, XTS has collision troubles with >500 GB or >1TB of data, or, it's a
misconception and there isn't any issue about this on large
filesystems.

Thanks in advice.


More information about the dm-crypt mailing list