luks and aes-ni

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hi,
Short version: If I had a CPU with the aes-ni [1] feature would luks use it?

I know that Upstream Vendors Security Guide [2] says:

...snip
The default cipher used for LUKS (refer to cryptsetup --help) is
aes-cbc-essiv:sha256 (ESSIV - Encrypted Salt-Sector Initialization
Vector). Note that the installation program, Anaconda, uses by default
XTS mode (aes-xts-plain64)
snap...

I also found a notion in the forums that maybe only aes-cbc is using
aes-ni [3] and that could mean that after a install aes-ni is not used
at all.

Does anyone know about this or has experiences?

[1] http://en.wikipedia.org/wiki/AES_instruction_set

[2]
https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html

[3]
http://forum.centos.org/modules/newbb/viewtopic.php?topic_id=38226&forum=56&post_id=166657#forumpost166657
-- 
Kind Regards, Markus Falb

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux