[dm-crypt] Using plain64/plain IV (initialisation vector) in dm-crypt

Milan Broz mbroz at redhat.com
Tue Jul 27 10:46:44 CEST 2010


This thread is going crazy... :)

1) Facts about using plain IV generator:

- "plain" IV is 32bit only, supported by all kernels
- you should avoid using it for >2TB devices
- it will remain this way because of backward compatibility (howgh:-)

- "plain64" is fully 64bit, available since kernel 2.6.33
- for device < 2TB it produces the same output as "plain"

=> use plain64 for new devices if you want to use tweakable encryption
mode like XTS (or LRW), e.g. cryptsetup -c aes-xts-plain64

p.s.
Never use plain* IV for CBC mode, use ESSIV there.
<joke>If you are using ECB mode, you are lost anyway.</joke>

2) cryptsetup should always have safe defaults.
It is aes-cbc-essiv:sha256 with 256bit key currently.


3) For the resize - we cannot catch all situations, someone can
dd a LUKS disk to another bigger volume without the "resize" command.

Tools will suggest using plain64 but cannot force it.


> So you guess the 1TB limit could be actually ...

Forgot about the 1TB limit, it is a different XTS-only problem.
We mixed up two unrelated problems here.

Milan
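
As an added illustration (not from Milan's message or the dm-crypt source), the following Python models how the "plain" and "plain64" generators derive the 16-byte IV (the XTS tweak) from the sector number, assuming dm-crypt's layout of a little-endian sector number zero-padded to one AES block and 512-byte IV sectors. It shows that both agree below 2^32 sectors (2 TiB) and that "plain" starts repeating IVs beyond that point:

```python
import struct

SECTOR_SIZE = 512   # assumed IV sector size (512-byte sectors)
IV_LEN = 16         # one AES block; the IV doubles as the XTS tweak


def iv_plain(sector: int) -> bytes:
    """'plain': low 32 bits of the sector number, little-endian, zero-padded.
    Sector numbers >= 2**32 wrap around, so the IV repeats."""
    return struct.pack("<I", sector & 0xFFFFFFFF) + bytes(IV_LEN - 4)


def iv_plain64(sector: int) -> bytes:
    """'plain64': full 64-bit sector number, little-endian, zero-padded."""
    return struct.pack("<Q", sector & 0xFFFFFFFFFFFFFFFF) + bytes(IV_LEN - 8)


def plain_iv_limit_bytes(sector_size: int = SECTOR_SIZE) -> int:
    """Largest device size (bytes) on which 'plain' never reuses an IV."""
    return (1 << 32) * sector_size   # 2 TiB for 512-byte sectors


def plain_iv_collisions(device_bytes: int, sector_size: int = SECTOR_SIZE) -> int:
    """Number of sectors whose 'plain' IV duplicates an earlier sector's IV."""
    sectors = device_bytes // sector_size
    return max(0, sectors - (1 << 32))


def first_collision(sector: int) -> int:
    """First later sector that shares its 'plain' IV with `sector`."""
    return sector + (1 << 32)


if __name__ == "__main__":
    s = 7
    print("plain  ", iv_plain(s).hex(), "==", iv_plain(first_collision(s)).hex())
    print("plain64", iv_plain64(s).hex(), "!=", iv_plain64(first_collision(s)).hex())
    print("plain IV is collision-free up to", plain_iv_limit_bytes() // 1024**4, "TiB")
    print("3 TiB device: sectors with a reused plain IV =",
          plain_iv_collisions(3 * 1024**4))
```

A reused tweak under XTS means two sectors holding identical plaintext produce identical ciphertext, which is the property a 64-bit sector counter preserves and a wrapped 32-bit one loses.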

