From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pd0-x232.google.com (mail-pd0-x232.google.com [IPv6:2607:f8b0:400e:c02::232]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.server123.net (Postfix) with ESMTPS for ; Sat, 3 Jan 2015 09:19:08 +0100 (CET) Received: by mail-pd0-f178.google.com with SMTP id r10so24970450pdi.9 for ; Sat, 03 Jan 2015 00:19:06 -0800 (PST) Received: from sita-lt.atc.tcs.com ([117.216.214.95]) by mx.google.com with ESMTPSA id v3sm48613891pdf.22.2015.01.03.00.19.03 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 03 Jan 2015 00:19:04 -0800 (PST) Message-ID: <54A7A5F4.5000908@gmail.com> Date: Sat, 03 Jan 2015 13:49:00 +0530 From: Sitaram Chamarty MIME-Version: 1.0 References: <1420240701.2680.36.camel@genodeftest.de> <20150103060055.GB31120@tansi.org> In-Reply-To: <20150103060055.GB31120@tansi.org> Content-Type: text/plain; charset=windows-1252 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] security: improve defaults List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On 01/03/2015 11:30 AM, Arno Wagner wrote: > On Sat, Jan 03, 2015 at 00:18:21 CET, Christian Stadelmann wrote: >> cipher: aes-cbc-essiv (default in plain mode) >> There are known attacs against aes-cbc-essiv which lead to using aes-xts >> as default cipher in LUKS mode. Is there any reason why it should not be >> used in plain mode? > > Simple: Backwards compatibility. As plain mode does not > have a header, this would break old uses. Anybody that wants > it can already use XTS. seconded; I rely on this -- please don't change this :-) Christian: anyone who is using dm-crypt in plain mode *already* knows what he is doing. If they don't, they should not be using plain mode. There is no need for you or me to worry about them, in my opinion.