Hi, Short version: If I had a CPU with the aes-ni [1] feature would luks use it? I know that Upstream Vendors Security Guide [2] says: ...snip The default cipher used for LUKS (refer to cryptsetup --help) is aes-cbc-essiv:sha256 (ESSIV - Encrypted Salt-Sector Initialization Vector). Note that the installation program, Anaconda, uses by default XTS mode (aes-xts-plain64) snap... I also found a notion in the forums that maybe only aes-cbc is using aes-ni [3] and that could mean that after a install aes-ni is not used at all. Does anyone know about this or has experiences? [1] http://en.wikipedia.org/wiki/AES_instruction_set [2] https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-LUKS_Disk_Encryption.html [3] http://forum.centos.org/modules/newbb/viewtopic.php?topic_id=38226&forum=56&post_id=166657#forumpost166657 -- Kind Regards, Markus Falb
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx http://lists.centos.org/mailman/listinfo/centos