I personally doubt there is any cipher+scheme that is 'save', if you can get a hand on 16 TB of encrypted data (an thus have enough data for analysis). Are you using a hardware raid for those 16TB? Concerning supported ciphers and modes of operation cat /proc/crypto should give you a vague idea. the usual syntax, btw. ist: algorithm-block mode-initialization vector afaik, so benbi would be a scheme/algorithm for initialization vectors as ESSIV (i.e.) Regards -Sven On Mon, March 9, 2009 17:29, Hari Sekhon wrote: > Stefan X wrote: >> Hi! >> For years I was thinking the ESSIV cipher mode is supposed to be the >> preferred mode. Now I discovered that new cipher modes LRW and XTS >> exist. Wikipedia provides some background information: >> http://en.wikipedia.org/wiki/Disk_encryption_theory . >> >> It seems that XTS is modern and the way to go but which cipher mode do >> you recommend? Is XTS also suitable/secure for 1,5 terabyte, while I >> read it is secure for up to 1 TB only? And what is "benbi" in >> "aes-lrw-benbi"? Which modes exist at all, how to get a list of >> supported modes by my system, and which is the default one? >> > > I too would also like to know which cipher is best for very large block > devices... ie 16TB if anyone has any ideas that would be great. I don't > like the idea of carving up my 16TB into 16 x 1TB and then gluing it > back together if I don't have to. > > Thanks > > -h > > -- > Hari Sekhon > Always open to interesting opportunities > http://www.linkedin.com/in/harisekhon > > > --------------------------------------------------------------------- > dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ > To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx > For additional commands, e-mail: dm-crypt-help@xxxxxxxx > > --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
