[dm-crypt] Efficacy of xts over 1TB
arno at wagner.name
Mon Jul 26 23:01:07 CEST 2010
On Mon, Jul 26, 2010 at 10:47:43PM +0200, Christoph Anton Mitterer wrote:
> On Mon, 2010-07-26 at 10:53 +0200, Arno Wagner wrote:
> > > Well but as far as I understand, this means that the same IV could be
> > > used in multiple sectors (after the 32bit), right?
> > Err, no? That would be "after 64 bit".
> Uhm why? If we have 64, bits but the upper 32 are masked 0 as far as I
> understood... ?
For plain. Not for plain64, i.e. plain is plain 64 with 32 bits
masked and plain64 is full 64 bits.
> > If you go over 64 bit sector numbers, definitely. However it is
> > hard to quantify how large this impact would be.
> But 64bit 512byte sectors would allow us a ~9,4 ZB device, right? So
> that is unlikely to happen the next... say 3 years or so ;)
I hope so ;-)
> > > I see... what about this idea:
> > > In newer releases of cryptsetup, give a warning whenever people use
> > > "plain" suggesting them to use "plain64"?!
> > I like this approach.
> Thanks :) perhaps better than a warning would even be some interactive
> > I think this is out of scope. Somebody rezising an encrypted device
> > without looking into the limits of the encryption used, is asking
> > for trouble. Also there will be a FAQ entry on resizing ;-)
> Well... if my calculation above is correct, we'd at least never leave
> the scope with plain 64.
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
More information about the dm-crypt