[dm-crypt] Efficacy of xts over 1TB

Christoph Anton Mitterer christoph.anton.mitterer at physik.uni-muenchen.de
Mon Jul 26 22:38:06 CEST 2010


On Mon, 2010-07-26 at 02:14 +0200, Milan Broz wrote:
> Imagine that someone today has LUKS device of >2TB and data on it. Switch
> to full 64 bit "plain" IV will change IV for all sectors above 2TB limit.
> I think users prefer read data from there instead of random noise:-)
Are you really sure?! ;)  ... would be a nice /dev/random alternative or
so ^^


> So question is if XTS is ok for such large drives - the 1TB mentioned limit
> elsewhere is possible misinterpretation (block size/device size confusion?).
> 
> (... real answer must come from an expert in cryptography based on proper analysis.)
So you guess the the 1TB limit could be actually a "don't have blocks
larger than 1TB" limit?!


> Anyway, distro maintainer can set default using configure switch already
> --with-luks1-mode=xts (see also other switches).
> 
> So if you want to switch default in Debian, no problem:-)
I seem to have rather bad luck in moving cryptsetup things at distro
level... ;)


Cheers,
Chris.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3387 bytes
Desc: not available
URL: <http://www.saout.de/pipermail/dm-crypt/attachments/20100726/4d8af699/attachment.bin>


More information about the dm-crypt mailing list