[dm-crypt] Efficacy of xts over 1TB

Christoph Anton Mitterer christoph.anton.mitterer at physik.uni-muenchen.de
Sun Jul 25 15:14:24 CEST 2010


On Sun, 2010-07-25 at 14:25 +0200, Milan Broz wrote:
> Just please note one thing, which is dm-crypt special here:
> 
> default "plain IV" is 32 bit only, so if anyone uses it on >2TB partition
> some sectors shares IV (IV generator restarts, opening it to to watermarking
> and similar attacks).
> 
> Please _always_ use plain64 (*aes-xts-plain64*) if you want use it for large
> devices. (plain64 produces the same IV for <2TB.
> Available since 2.6.33, Truecrypt 7 already does that, thanks:-)

1) What's the maximum size a partition can (securely) have with plain64?

2) Is plain64 solwer than the the normal plain? If not,... and even
if,.. wouldn't it be better to let "plain" be what currently "plain64"
is and to add a e.g. "plain32" or so, which people can use if the really
know what they're doing?

3) In any case,.. this should go in the FAQ, Arno, can you add this
please?


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3387 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20100725/c8bce0fe/attachment.bin>


More information about the dm-crypt mailing list