From: Milan Broz <mbroz@redhat.com>
To: dm-crypt@saout.de
Subject: Re: [dm-crypt] 1,5 TB partition: use cbc-essiv or xts-plain?
Date: Tue, 04 Aug 2009 09:42:12 +0200 [thread overview]
Message-ID: <4A77E654.5000606@redhat.com> (raw)
In-Reply-To: <20090803234824.190ea23a@gmail.com>
Moji wrote:
> This includes newer ciphers because the more data you encrypt with a single key,
> and right now dm-crypt only allows for single keys, the more susceptible your algorithm
> is regardless which one you use.
Just small note: dm-crypt (kernel part) have one key per mapped segment,
you can create as many segments with different keys (even with different algorithms)
(imagine simple Logical Volume in LVM split over several areas of disk -
the same logic can be used for crypt segments.)
Another option is stacking - create several encrypted devices and and
map another volume(s) over it (LVM over LUKS is exactly that).
Only userspace (cryptsetup) is not able to configure it easily - you have to use
dmsetup directly (or stack LVM/MD over several LUKS devices).
Milan
--
mbroz@redhat.com
next prev parent reply other threads:[~2009-08-04 7:42 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-03 12:53 [dm-crypt] 1,5 TB partition: use cbc-essiv or xts-plain? Henrik Theiling
2009-08-03 14:34 ` Heinz Diehl
2009-08-03 16:16 ` Henrik Theiling
2009-08-03 17:34 ` Heinz Diehl
2009-08-03 17:37 ` Heinz Diehl
2013-01-03 9:50 ` Peter Pfundstein
2009-08-03 14:43 ` [dm-crypt] E3E-2A1 - 1, 5 " Heinz Diehl
2009-08-03 20:48 ` [dm-crypt] 1,5 " Moji
2009-08-04 7:42 ` Milan Broz [this message]
2009-08-04 13:01 ` Henrik Theiling
2009-08-03 21:46 ` Moji
2009-08-04 13:27 ` Henrik Theiling
2009-08-04 13:55 ` Moji
2009-08-06 11:02 ` Salatiel Filho
2009-08-06 14:32 ` Henrik Theiling
2009-08-06 15:24 ` Heinz Diehl
2009-08-06 16:00 ` Salatiel Filho
2009-08-06 16:02 ` Salatiel Filho
2009-08-07 12:16 ` Salatiel Filho
2009-08-07 12:20 ` Salatiel Filho
2009-08-07 16:00 ` Salatiel Filho
2009-08-08 8:27 ` Heinz Diehl
2009-08-08 10:03 ` Salatiel Filho
2009-08-06 15:43 ` Sam
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4A77E654.5000606@redhat.com \
--to=mbroz@redhat.com \
--cc=dm-crypt@saout.de \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox