[dm-crypt] Efficacy of xts over 1TB

Milan Broz mbroz at redhat.com
Sun Jul 25 15:52:18 CEST 2010

On 07/25/2010 03:14 PM, Christoph Anton Mitterer wrote:

> 1) What's the maximum size a partition can (securely) have with plain64?

not talking about encryption mode security, just about plain IV:

plain 64 is just 64bit unsigned (512b sector number with optional initial
offset), sector are also 64bit, so limit is the same like maximum block
device in Linux currently.

> 2) Is plain64 solwer than the the normal plain? If not,... and even
> if,.. wouldn't it be better to let "plain" be what currently "plain64"
> is and to add a e.g. "plain32" or so, which people can use if the really
> know what they're doing?

It is not slower (plain uses 64bit too but with masking 32bits out,
I guess this is some cryptoloop legacy)

plain64 discussion was already in this list - we cannot change plain because
of backward compatibility (Imagine old 4TB LUKS device ("plain" iv mode in header)
- after this change everything above 2TB is garbage.)
I prefer keep small open problem here (only few such systems in fact) to
destroying users data for sure.
(I can add warning/hint to cryptsetup binary if using large device.)

Default modes in cryptsetup now use essiv:sha256 (no problem here).
Mainly for backward compatibility (best compatible/safe mode,
e.g. RHEL/CentOS5 do not have XTS yet), otherwise I personally prefer XTS mode:-)

You have to set -c cipher-mode-plain manually, I expect you know what
are you doing then.
> 3) In any case,.. this should go in the FAQ, Arno, can you add this
> please?

yes, I thought it is already there...


More information about the dm-crypt mailing list