[dm-crypt] Efficacy of xts over 1TB
Christoph Anton Mitterer
christoph.anton.mitterer at physik.uni-muenchen.de
Mon Jul 26 22:47:43 CEST 2010
On Mon, 2010-07-26 at 10:53 +0200, Arno Wagner wrote:
> > Well but as far as I understand, this means that the same IV could be
> > used in multiple sectors (after the 32bit), right?
> Err, no? That would be "after 64 bit".
Uhm why? If we have 64, bits but the upper 32 are masked 0 as far as I
> If you go over 64 bit sector numbers, definitely. However it is
> hard to quantify how large this impact would be.
But 64bit 512byte sectors would allow us a ~9,4 ZB device, right? So
that is unlikely to happen the next... say 3 years or so ;)
> > I see... what about this idea:
> > In newer releases of cryptsetup, give a warning whenever people use
> > "plain" suggesting them to use "plain64"?!
> I like this approach.
Thanks :) perhaps better than a warning would even be some interactive
> I think this is out of scope. Somebody rezising an encrypted device
> without looking into the limits of the encryption used, is asking
> for trouble. Also there will be a FAQ entry on resizing ;-)
Well... if my calculation above is correct, we'd at least never leave
the scope with plain 64.
Nevertheless... it would be at least possible to change luksResize to
print a warning,.. but of course this won't happen in all cases (plain
dm-crypt, close/reopen), which is why I suggested plain64 to be
generally used,.. especially if it has not drawbacks.
Milan what do you think?
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3387 bytes
Desc: not available
More information about the dm-crypt