From: Andrea Arcangeli <andrea@suse.de>
To: "Albert D. Cahalan" <acahalan@cs.uml.edu>
Cc: Herbert Valerio Riedel <hvr@hvrlab.org>,
linux-kernel@vger.kernel.org, axboe@suse.de
Subject: Re: RFC: block/loop.c & crypto
Date: Mon, 23 Jul 2001 04:08:46 +0200 [thread overview]
Message-ID: <20010723040846.F23517@athlon.random> (raw)
In-Reply-To: <20010723002158.A23517@athlon.random> <200107230147.f6N1lQV200016@saturn.cs.uml.edu>
In-Reply-To: <200107230147.f6N1lQV200016@saturn.cs.uml.edu>; from acahalan@cs.uml.edu on Sun, Jul 22, 2001 at 09:47:26PM -0400
On Sun, Jul 22, 2001 at 09:47:26PM -0400, Albert D. Cahalan wrote:
> Andrea Arcangeli writes:
> > On Sun, Jul 22, 2001 at 08:53:50PM +0200, Herbert Valerio Riedel wrote:
>
> >> security is not the issue; it's more of practical terms... since
> >> 512 byte seems to be the closest practical transfer size (there
> >> isn't any smaller blocksize supported with linux) it seems natural
> >> to use that one....
> >
> > to me it sounds more natural to use the 1k blocksize that seems to
> > be backwards compatible automatically (without the special case),
> > the only disavantage of 1k compared to 512bytes is the decreased
> > security, so if the decreased security is not your concern I'd
> > suggest to use the 1k fixed granularity for the IV. 1k is also the
> > default BLOCK_SIZE I/O granularity used by old linux (which
> > incidentally is why it seems backwards compatible automatically).
>
> Being backwards compatible with non-Linus kernels is less important
> than choosing a block size that is fit for all block devices.
> Disks, partitions, and block-based filesystems are all organized
> in power-of-two multiples of 512 bytes.
>
> The smaller size can handle the larger size; the reverse is not true.
I think you misunderstood the issue, IV granularity has nothing to do
with anything hardware. It is only a software convention.
> We all have to live with the size choice until the end of time.
1k fits for all block devices and filesystems you can invent, but it
also has the bonus that it should also be backwards compatible with the
current crypto transfer API.
As I just said said twice in this thread: the _only_ disavantage of 1k
compared to 512bytes is the decrease security, you will share the same
IV for the double number of bits, that's all. If the security point is
not your concern 1k is better (and a bit faster).
Andrea
next prev parent reply other threads:[~2001-07-23 2:08 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2001-07-22 10:21 RFC: block/loop.c & crypto Herbert Valerio Riedel
2001-07-22 15:03 ` Andrea Arcangeli
2001-07-22 18:53 ` Herbert Valerio Riedel
2001-07-22 22:21 ` Andrea Arcangeli
2001-07-23 1:47 ` Albert D. Cahalan
2001-07-23 2:08 ` Andrea Arcangeli [this message]
[not found] <20010723170038.G822@athlon.random>
2001-07-24 9:56 ` Herbert Valerio Riedel
2001-07-25 20:28 ` Andrea Arcangeli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20010723040846.F23517@athlon.random \
--to=andrea@suse.de \
--cc=acahalan@cs.uml.edu \
--cc=axboe@suse.de \
--cc=hvr@hvrlab.org \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox