From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: from mail.saout.de ([127.0.0.1]) by localhost (mail.saout.de [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BWqBJQfo6BDd for ; Sat, 5 Jan 2013 19:25:55 +0100 (CET)
Received: from mail-ea0-f175.google.com (mail-ea0-f175.google.com [209.85.215.175]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by mail.saout.de (Postfix) with ESMTPS for ; Sat, 5 Jan 2013 19:25:55 +0100 (CET)
Received: by mail-ea0-f175.google.com with SMTP id h11so7112377eaa.34 for ; Sat, 05 Jan 2013 10:25:55 -0800 (PST)
Message-ID: <50E87030.3070004@gmail.com>
Date: Sat, 05 Jan 2013 19:25:52 +0100
From: Milan Broz
MIME-Version: 1.0
References: <50DF635C.90003@gmail.com> <50E6C1EC.1000307@gmail.com> <50E6C2B6.30505@ramses-pyramidenbau.de> <50E6C899.2060407@gmail.com> <20130104162652.GB22218@tansi.org> <20130104202025.GA23856@fancy-poultry.org> <50E741FB.6050000@gmail.com> <20130104220526.GB23626@tansi.org> <50E75A2F.4090102@gmail.com> <20130105172034.GA2859@tansi.org>
In-Reply-To: <20130105172034.GA2859@tansi.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [dm-crypt] Switch to XTS mode for LUKS in cryptsetup in 1.6.0 (Was Re: [ANNOUNCE] cryptsetup 1.6.0-rc1)
List-Id:
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
To: dm-crypt@saout.de

On 01/05/2013 06:20 PM, Arno Wagner wrote:
> What does RHEL use and recommend? Do they always use
> AES256-XTS or is AES128-XTS offered as an option (not when
> doing this manually via commandline). I think there would
> be some benefit to have the same defaults in distro-independent
> cryptsetup.

- Encrypted disk installation is using AES-XTS with 512bit key.
  (Installer overwrites default. But I know there was no real discussion
  about AES128/256 before this was changed.)
  Installer (anaconda) doesn't allow default cipher/key size change but
  allows "reusing" an existing LUKS device.

- Compiled-in cryptsetup default is the same as upstream (CBC with ESSIV).
  (RHEL7 will use XTS as default; I would like to see the same default as
  upstream.)
  (This was mainly for compatibility reasons but now even RHEL5 can map
  XTS LUKS disks.)

- RHEL in FIPS mode (dmcrypt/LUKS module is still not validated though)
  allows CBC (only with ESSIV) and XTS with AES128/192/256.

Well, I can get more info from independent people here internally.

My current opinion is to use aes-xts-plain64 with 256bit key (IOW use
AES128) as independent default for LUKS.

Milan
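The key-size point in the last paragraph (an XTS `--key-size` of 256 is AES-128, because XTS splits the key into a data key and a tweak key) and the FIPS-mode rule above, as an added example that is not part of this thread or of cryptsetup itself. It assumes cryptsetup's usual `cipher-mode-ivgen[:ivopts]` spec syntax, and the FIPS check encodes only what the mail states, not any real RHEL policy.

```python
"""Effective AES strength of a cryptsetup/dm-crypt cipher spec.

cryptsetup's --key-size counts the whole key handed to dm-crypt. In XTS
mode dm-crypt splits that key into two equal AES keys (data and tweak),
so "aes-xts-plain64 --key-size 256" is AES-128, not AES-256. CBC uses
the whole key. Spec syntax assumed: cipher-mode-ivgen[:ivopts].
"""
from dataclasses import dataclass

AES_KEY_BITS = (128, 192, 256)  # the only key lengths AES defines


@dataclass(frozen=True)
class CipherSpec:
    cipher: str
    mode: str
    ivgen: str   # e.g. "plain64" or "essiv"
    ivopts: str  # e.g. "sha256" for essiv, "" when absent


def parse_spec(spec: str) -> CipherSpec:
    """Parse 'aes-xts-plain64' or 'aes-cbc-essiv:sha256'."""
    parts = spec.lower().split("-")
    if len(parts) != 3:
        raise ValueError(f"expected cipher-mode-ivgen, got {spec!r}")
    cipher, mode, iv = parts
    ivgen, _, ivopts = iv.partition(":")
    return CipherSpec(cipher, mode, ivgen, ivopts)


def effective_aes_bits(spec: str, key_size: int) -> int:
    """AES key length actually used by the block cipher for --key-size."""
    cs = parse_spec(spec)
    if cs.cipher != "aes":
        raise ValueError("only AES is handled in this example")
    bits = key_size // 2 if cs.mode == "xts" else key_size  # XTS: two keys
    if bits not in AES_KEY_BITS:
        raise ValueError(f"{spec} --key-size {key_size}: no AES-{bits}")
    return bits


def allowed_in_fips_mode(spec: str, key_size: int) -> bool:
    """Rule as stated in the mail: CBC only with ESSIV, XTS with AES-128/192/256."""
    cs = parse_spec(spec)
    try:
        effective_aes_bits(spec, key_size)
    except ValueError:
        return False  # not a valid AES key length once XTS halving is applied
    if cs.mode == "cbc":
        return cs.ivgen == "essiv"
    return cs.mode == "xts"
```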