[dm-crypt] Switch to XTS mode for LUKS in cryptsetup in 1.6.0 (Was Re: [ANNOUNCE] cryptsetup 1.6.0-rc1)

Arno Wagner arno at wagner.name
Sat Jan 5 18:20:34 CET 2013

On Fri, Jan 04, 2013 at 11:39:43PM +0100, Milan Broz wrote:
> On 01/04/2013 11:05 PM, Arno Wagner wrote:
> > Hmm, reading this again, and the discussion comments by 
> > Schneier, maybe we should use AES128 as default. 
> > AES256 might indeed be somewhat weaker than AES128. 
> But please note this is from 2009. There are some new recent
> papers related even to AES128.
> To cite the same source...
> http://www.schneier.com/blog/archives/2011/08/new_attack_on_a_1.html
> Dunno. aes128-xts is perhaps enough (and the keyslot size remains
> the same).
> > 
> > Not that either can be broken at this time. 
> > 
> > One idea: With AES256+XTS, the keyslot-area is larger.
> > If somebody wants to re-encrypt AES256+CBC in place,
> > they would need to use AES128+XTS anyways. Correct?
> reencrypt tool supports data shift, so you just need to add some
> space or reduce fs in advance. But yes, it is more complicated.

What does RHEL use and recommend? Do they always use
AES256-XTS or is AES128-XTS offered as an option (not when
douing this manually via commandline). I think there would
be some benefit to have the same defauls in distro-independent
I think the security levels of AES128 and AES256 are not
different enough that we should ecide on that alone or
even as main criterium. 

> > That would be a second reason to use AES128.
> > 
> > Well, things are never simple when security is concerned...
> I think there is only one simple situation in cryptography...
> Once is something broken, it remains broken forever :-)

Yes, indeed :-)

Arno Wagner,     Dr. sc. techn., Dipl. Inform.,    Email: arno at wagner.name
GnuPG: ID: CB5D9718  FP: 12D6 C03B 1B30 33BB 13CF  B774 E35C 5FA1 CB5D 9718
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell

More information about the dm-crypt mailing list