[dm-crypt] Efficacy of xts over 1TB

Arno Wagner arno at wagner.name
Mon Jul 26 23:07:41 CEST 2010

On Mon, Jul 26, 2010 at 10:38:06PM +0200, Christoph Anton Mitterer wrote:
> On Mon, 2010-07-26 at 02:14 +0200, Milan Broz wrote:
> > Imagine that someone today has LUKS device of >2TB and data on it. Switch
> > to full 64 bit "plain" IV will change IV for all sectors above 2TB limit.
> > I think users prefer read data from there instead of random noise:-)
> Are you really sure?! ;)  ... would be a nice /dev/random alternative or
> so ^^
> > So question is if XTS is ok for such large drives - the 1TB mentioned limit
> > elsewhere is possible misinterpretation (block size/device size confusion?).
> > 
> > (... real answer must come from an expert in cryptography based on proper analysis.)
> So you guess the the 1TB limit could be actually a "don't have blocks
> larger than 1TB" limit?!

Actually, it is the "plain" implementation that causes a 2TB limit 
because of repeating IVs. XTS has a block size limit, at 2^20 bits, 
(I think) but it is a recommended limit. As 512 bytes we are well 
below that :-)
> > Anyway, distro maintainer can set default using configure switch already
> > --with-luks1-mode=xts (see also other switches).
> > 
> > So if you want to switch default in Debian, no problem:-)
> I seem to have rather bad luck in moving cryptsetup things at distro
> level... ;)



Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno at wagner.name 
GnuPG:  ID: 1E25338F  FP: 0C30 5782 9D93 F785 E79C  0296 797F 6B50 1E25 338F
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it.  The very definition of 
"news" is "something that hardly ever happens." -- Bruce Schneier 

More information about the dm-crypt mailing list