Date: Sat, 5 Jan 2013 18:20:34 +0100
From: Arno Wagner
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] Switch to XTS mode for LUKS in cryptsetup in 1.6.0 (Was Re: [ANNOUNCE] cryptsetup 1.6.0-rc1)

On Fri, Jan 04, 2013 at 11:39:43PM +0100, Milan Broz wrote:
> On 01/04/2013 11:05 PM, Arno Wagner wrote:
[...]
> > Hmm, reading this again, and the discussion comments by
> > Schneier, maybe we should use AES128 as default.
> > AES256 might indeed be somewhat weaker than AES128.
>
> But please note this is from 2009. There are some new recent
> papers related even to AES128.
>
> To cite the same source...
> http://www.schneier.com/blog/archives/2011/08/new_attack_on_a_1.html
>
> Dunno. aes128-xts is perhaps enough (and the keyslot size remains
> the same).
>
> >
> > Not that either can be broken at this time.
> >
> > One idea: With AES256+XTS, the keyslot-area is larger.
> > If somebody wants to re-encrypt AES256+CBC in place,
> > they would need to use AES128+XTS anyways. Correct?
>
> reencrypt tool supports data shift, so you just need to add some
> space or reduce fs in advance. But yes, it is more complicated.

What does RHEL use and recommend? Do they always use AES256-XTS
or is AES128-XTS offered as an option (not when doing this
manually via the command line)? I think there would be some benefit
to having the same defaults in distro-independent cryptsetup.

I think the security levels of AES128 and AES256 are not different
enough that we should decide on that alone or even as the main
criterion.

> > That would be a second reason to use AES128.
> >
> > Well, things are never simple when security is concerned...
>
> I think there is only one simple situation in cryptography...
> Once something is broken, it remains broken forever :-)

Yes, indeed :-)

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., Email: arno@wagner.name
GnuPG: ID: CB5D9718 FP: 12D6 C03B 1B30 33BB 13CF B774 E35C 5FA1 CB5D 9718
----
One of the painful things about our time is that those who feel certainty
are stupid, and those with any imagination and understanding are filled
with doubt and indecision. -- Bertrand Russell