[dm-crypt] Efficacy of xts over 1TB

Milan Broz mbroz at redhat.com
Mon Jul 26 02:14:25 CEST 2010

On 07/26/2010 12:37 AM, Christoph Anton Mitterer wrote:

>> I prefer to keep a small open problem here (only a few such systems in fact) to
>> destroying users' data for sure.
> Uhm,.. what do you mean?

Imagine that someone today has a LUKS device of >2TB with data on it. Switching
to the full 64-bit "plain" IV will change the IV for all sectors above the 2TB limit.
I think users prefer to read data from there instead of random noise :-)

So the question is whether XTS is OK for such large drives - the 1TB limit mentioned
elsewhere is a possible misinterpretation (block size/device size confusion?).

(... the real answer must come from an expert in cryptography, based on proper analysis.)

And Loop-aes people will surely mention something about CBC with multikey:-)

>> Mainly for backward compatibility (best compatible/safe mode,
>> e.g. RHEL/CentOS5 do not have XTS yet), otherwise I personally prefer XTS mode:-)
> Are you going to change this someday? I mean to xts?

Dunno, there are still many old distros, and people are using cryptsetup
for USB to move data between systems.

Anyway, a distro maintainer can already set the default using the configure switch
--with-luks1-mode=xts (see also other switches).

So if you want to switch the default in Debian, no problem :-)
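
The IV change described in the message above, as an added example that is not part of the original post or of cryptsetup's code. It models dm-crypt's "plain" IV (low 32 bits of the sector number) against the 64-bit variant (plain64), assuming 512-byte sectors and a 16-byte IV; the function names are illustrative.

```python
import struct

SECTOR_SIZE = 512   # assumption: IVs are counted in 512-byte sectors
IV_SIZE = 16        # assumption: 16-byte IV (AES block size)


def iv_plain(sector: int) -> bytes:
    """'plain': low 32 bits of the sector number, little-endian, zero-padded."""
    return struct.pack("<I", sector & 0xFFFFFFFF).ljust(IV_SIZE, b"\x00")


def iv_plain64(sector: int) -> bytes:
    """'plain64': full 64-bit sector number, little-endian, zero-padded."""
    return struct.pack("<Q", sector).ljust(IV_SIZE, b"\x00")


def first_changed_sector(device_bytes: int):
    """First sector whose IV differs after switching plain -> plain64.

    Returns None when every sector number on the device fits in 32 bits,
    i.e. the switch would change nothing.
    """
    sectors = device_bytes // SECTOR_SIZE
    boundary = 1 << 32  # 2**32 sectors * 512 bytes = 2 TiB
    return boundary if sectors > boundary else None


def bytes_with_changed_iv(device_bytes: int) -> int:
    """Amount of existing data that would decrypt to noise after the switch."""
    first = first_changed_sector(device_bytes)
    if first is None:
        return 0
    return (device_bytes // SECTOR_SIZE - first) * SECTOR_SIZE


if __name__ == "__main__":
    TIB = 1 << 40
    for size in (1 * TIB, 2 * TIB, 3 * TIB):  # constructed device sizes
        print(f"{size // TIB} TiB device: first changed sector =",
              first_changed_sector(size),
              "| bytes affected =", bytes_with_changed_iv(size))
    # The "small open problem" of keeping 32-bit plain: IVs wrap at 2 TiB.
    print("plain IV reused at sector 2**32:", iv_plain(1 << 32) == iv_plain(0))
    print("plain64 IV reused at sector 2**32:", iv_plain64(1 << 32) == iv_plain64(0))
```
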


