From: Arno Wagner
Date: Mon, 26 Jul 2010 23:07:41 +0200
Message-ID: <20100726210741.GC24052@tansi.org>
Subject: Re: [dm-crypt] Efficacy of xts over 1TB
To: dm-crypt@saout.de

On Mon, Jul 26, 2010 at 10:38:06PM +0200, Christoph Anton Mitterer wrote:
> On Mon, 2010-07-26 at 02:14 +0200, Milan Broz wrote:
> > Imagine that someone today has LUKS device of >2TB and data on it. Switch
> > to full 64 bit "plain" IV will change IV for all sectors above 2TB limit.
> > I think users prefer read data from there instead of random noise:-)
> Are you really sure?! ;) ... would be a nice /dev/random alternative or
> so ^^
>
>
> > So question is if XTS is ok for such large drives - the 1TB mentioned limit
> > elsewhere is possible misinterpretation (block size/device size confusion?).
> >
> > (... real answer must come from an expert in cryptography based on proper analysis.)
> So you guess the 1TB limit could be actually a "don't have blocks
> larger than 1TB" limit?!

Actually, it is the "plain" implementation that causes a 2TB limit
because of repeating IVs. XTS has a block size limit, at 2^20 bits,
(I think) but it is a recommended limit. At 512 bytes we are well
below that :-)

> > Anyway, distro maintainer can set default using configure switch already
> > --with-luks1-mode=xts (see also other switches).
> >
> > So if you want to switch default in Debian, no problem:-)
> I seem to have rather bad luck in moving cryptsetup things at distro
> level... ;)

Well...

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@wagner.name
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
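
The 2TB boundary discussed in this thread, as an added example that is not part of the original message or of the dm-crypt source: it models the "plain" IV (low 32 bits of the sector number) next to the full 64-bit variant and shows where IVs repeat and where the two variants diverge. The function names are hypothetical; the 16-byte IV and 512-byte sectors are assumptions matching AES and the sector size mentioned above.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IV_SIZE     16      /* assumption: AES block size */
#define SECTOR_SIZE 512ULL  /* assumption: 512-byte sectors, as in the thread */

/* "plain": low 32 bits of the sector number, little-endian, zero-padded. */
void iv_plain(uint8_t iv[IV_SIZE], uint64_t sector)
{
    uint32_t s = (uint32_t)sector;          /* upper 32 bits are discarded */
    memset(iv, 0, IV_SIZE);
    for (int i = 0; i < 4; i++)
        iv[i] = (uint8_t)(s >> (8 * i));
}

/* Full 64-bit variant: whole sector number, little-endian, zero-padded. */
void iv_plain64(uint8_t iv[IV_SIZE], uint64_t sector)
{
    memset(iv, 0, IV_SIZE);
    for (int i = 0; i < 8; i++)
        iv[i] = (uint8_t)(sector >> (8 * i));
}

/* Returns 1 if sectors a and b receive the same IV under "plain". */
int plain_iv_collides(uint64_t a, uint64_t b)
{
    uint8_t x[IV_SIZE], y[IV_SIZE];
    iv_plain(x, a);
    iv_plain(y, b);
    return memcmp(x, y, IV_SIZE) == 0;
}

/* Returns 1 if switching to the 64-bit IV leaves this sector's IV unchanged,
 * i.e. existing ciphertext in that sector would still decrypt correctly. */
int same_iv_after_switch(uint64_t sector)
{
    uint8_t x[IV_SIZE], y[IV_SIZE];
    iv_plain(x, sector);
    iv_plain64(y, sector);
    return memcmp(x, y, IV_SIZE) == 0;
}

/* Byte offset on the device at which the 32-bit IV wraps around. */
uint64_t plain_wrap_offset(void) { return (1ULL << 32) * SECTOR_SIZE; }

int main(void)
{
    uint64_t wrap = 1ULL << 32;
    printf("wrap at byte offset %llu\n", (unsigned long long)plain_wrap_offset());
    printf("sector 0 vs 2^32 collide under plain: %d\n", plain_iv_collides(0, wrap));
    printf("IV unchanged after switch, sector 2^32-1: %d, sector 2^32: %d\n",
           same_iv_after_switch(wrap - 1), same_iv_after_switch(wrap));
    return 0;
}
```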