Sarah Dean wrote: > On Thu, 30 Jul 2009 10:04:42 +0200, Clemens Fruhwirth wrote: > >> On Wed, Jul 29, 2009 at 11:21 AM, Brett Hewes<j1252621@xxxxxxxxx> wrote: >>> Hi, >>> >>> I found your e-mail in the the dm-crypt.c source code. The current Hm. Clemens, should I change that mail to dm-devel or dm-crypt mailing list? >>> implementation of crypt_iv_plain_gen() is limited by 32 bits. The xts-plain >>> mode can be used only for drives < 2 Terabytes. I think the current plain >>> mode should be renamed to plain32 and the new plain mode should support >>> 64-bit sector number. >> What does it do for 2 TB partitions? Die painfully, or silently >> overflow? > > Not something I've tried (I don't have that kind of storage atm!), > though looking at the code it's masked with 0xffffffff, so I'd expect > it to silently reset back to 0 it should reset back. That's not nice situation. I can write patch to add plain64. But we have to maintain backward compatibility... >> If the former is the case, we can rule out that there >> existing installations and go ahead with that. If it's the latter >> case, we can not change the semantics of an existing keyword, as this >> would corrupt people's data after the 2TB boundary. Kernel dm-crypt have no idea what is existing installation and what is new, it just receives configuration string. Handle this in cryptsetup is possible but it does not solve all situations. (there are many scripts when cryptsetup is not used at all, and truecrypt with dm-crypt backend etc...) - existing mapping for >2TB disk must still use 32bit IV mask, otherwise it will corrupt data - old kernel does not understand -plain64 IV, so it will break compatibility ... well, seems that luksFormat for >2TB should request new dm-crypt code and force to use of plain64 (if plain IV requested) (...for >1TB and XTS mode is better to use several dm-crypt segments with different key anyway) and plain just remains 32bit, properly documented... dmcrypt can print warning too. Milan -- mbroz@xxxxxxxxxx --------------------------------------------------------------------- dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/ To unsubscribe, e-mail: dm-crypt-unsubscribe@xxxxxxxx For additional commands, e-mail: dm-crypt-help@xxxxxxxx
