On Thu, Jul 30, 2009 at 10:30 AM, Sarah Dean <sdean12@xxxxxxxxxxx> wrote:
> On Thu, 30 Jul 2009 10:04:42 +0200, Clemens Fruhwirth wrote:
>>If the former is the case, we can rule out that there
>>existing installations and go ahead with that. If it's the latter
>>case, we can not change the semantics of an existing keyword, as this
>>would corrupt people's data after the 2TB boundary.
>
> i.e. plain and plain64 instead of plain32 and plain
>
> Sounds reasonable as long as it's clearly documented, which shouldn't
> be a problem.

No, we can not change defaults for encryption, neither on the
kernel<->userland interface nor any command-line defaults for
cryptsetup. There is nothing that prevents data corruption in that area
and you might never know what combinations are used in the wild.

Also if we accept the hypothesis that all users read the documentation
properly, I suggest we put "do not use the plain iv-mode" in there.

Btw: what are the actual problems associated with IV/tweak reuse on XTR?
-- 
Fruhwirth Clemens
http://clemens.endorphin.org

---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
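
The 2TB boundary discussed in this thread, as an added example that is not part of the original message or of the dm-crypt source. It assumes 512-byte sectors, a 16-byte IV, "plain" meaning the low 32 bits of the sector number in little-endian order, and "plain64" meaning the full 64-bit sector number as proposed above; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IV_SIZE 16          /* assumed: 128-bit block cipher such as AES */
#define SECTOR_SIZE 512ULL  /* assumed: 512-byte dm-crypt sectors */

/* "plain": low 32 bits of the sector number, little-endian, zero-padded. */
static void iv_plain(uint64_t sector, uint8_t iv[IV_SIZE])
{
    memset(iv, 0, IV_SIZE);
    for (int i = 0; i < 4; i++)
        iv[i] = (uint8_t)(sector >> (8 * i));
}

/* "plain64": full 64-bit sector number, little-endian, zero-padded. */
static void iv_plain64(uint64_t sector, uint8_t iv[IV_SIZE])
{
    memset(iv, 0, IV_SIZE);
    for (int i = 0; i < 8; i++)
        iv[i] = (uint8_t)(sector >> (8 * i));
}

/* 1 if both modes give this sector the same IV, i.e. data written under
 * one meaning of the keyword still decrypts under the other. */
static int modes_agree(uint64_t sector)
{
    uint8_t a[IV_SIZE], b[IV_SIZE];
    iv_plain(sector, a);
    iv_plain64(sector, b);
    return memcmp(a, b, IV_SIZE) == 0;
}

/* 1 if "plain" hands two different sectors the same IV (IV reuse). */
static int plain_iv_collides(uint64_t s1, uint64_t s2)
{
    uint8_t a[IV_SIZE], b[IV_SIZE];
    iv_plain(s1, a);
    iv_plain(s2, b);
    return s1 != s2 && memcmp(a, b, IV_SIZE) == 0;
}

int main(void)
{
    uint64_t wrap = 1ULL << 32; /* first sector number that needs 33 bits */
    printf("boundary: %llu bytes\n", (unsigned long long)(wrap * SECTOR_SIZE));
    printf("agree below boundary: %d\n", modes_agree(wrap - 1));
    printf("agree at boundary:    %d\n", modes_agree(wrap));
    printf("plain reuses IV of sector 5: %d\n", plain_iv_collides(5, 5 + wrap));
    return 0;
}
```

Below 2^32 sectors (2 TiB) the two modes are byte-identical, which is why silently redefining the existing keyword would only show up as corruption on volumes larger than that.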