From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mail.saout.de (Postfix) with ESMTP for ; Sun, 25 Jul 2010 20:11:59 +0200 (CEST) Received: from int-mx04.intmail.prod.int.phx2.redhat.com (int-mx04.intmail.prod.int.phx2.redhat.com [10.5.11.17]) by mx1.redhat.com (8.13.8/8.13.8) with ESMTP id o6PIBwJG011253 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for ; Sun, 25 Jul 2010 14:11:58 -0400 Received: from [10.36.6.65] (vpn1-6-65.ams2.redhat.com [10.36.6.65]) by int-mx04.intmail.prod.int.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id o6PIBsSY005508 for ; Sun, 25 Jul 2010 14:11:57 -0400 Message-ID: <4C4C7E6A.4090109@redhat.com> Date: Sun, 25 Jul 2010 20:11:54 +0200 From: Milan Broz MIME-Version: 1.0 References: <20100725103458.GA26486@tansi.org> <4C4C2D3C.40306@redhat.com> <20100725152855.GA30894@tansi.org> In-Reply-To: <20100725152855.GA30894@tansi.org> Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: Re: [dm-crypt] Efficacy of xts over 1TB List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , To: dm-crypt@saout.de On 07/25/2010 05:28 PM, Arno Wagner wrote: > On Sun, Jul 25, 2010 at 02:25:32PM +0200, Milan Broz wrote: >> Seriously, XTS-AES is FIPS140-2 approved and I see no problem to use it. > > Well, I basically do not see the algorithm. Maybe searching for 15 > Minutes was not enough, but when something is hidden in Crypto, > I always become very suspicuous. Draft is here (referenced from Linux kernel crypt XTS implementation) http://grouper.ieee.org/groups/1619/email/pdf00086.pdf Milan