On Thu, 30 Jul 2009 11:51:48 +0200, Clemens Fruhwirth wrote:
>On Thu, Jul 30, 2009 at 10:30 AM, Sarah Dean<sdean12@xxxxxxxxxxx> wrote:
>> On Thu, 30 Jul 2009 10:04:42 +0200, Clemens Fruhwirth wrote:
>>>If the former is the case, we can rule out that there are
>>>existing installations and go ahead with that. If it's the latter
>>>case, we can not change the semantics of an existing keyword, as this
>>>would corrupt people's data after the 2TB boundary.
>>
>> i.e. plain and plain64 instead of plain32 and plain
>>
>> Sounds reasonable as long as it's clearly documented, which shouldn't
>> be a problem.
>
>No, we can not change defaults for encryption, neither on the
>kernel<->userland interface nor any command-line defaults for
>cryptsetup. There is nothing that prevents data corruption in that
>area and you might never know what combinations are used in the wild.
>
>Also if we accept the hypothesis that all users read the documentation
>properly, I suggest we put "do not use the plain iv-mode" in there.
>
>Btw: what are the actual problems associated with IV/tweak reuse on XTR?

I'm not sure I follow you; how would adding plain64 cause problems for
anyone?

It doesn't exist atm, so how can it cause data corruption - unless it's
added, and people using volumes > 2TB switch to it without understanding
what impact changing to it has - in which case surely it would be
sensible to document its effect?!

--
Sarah Dean
FreeOTFE site: http://www.FreeOTFE.org/
Personal site: http://www.SDean12.org/

For information on SecureTrayUtil, Shredders, On-The-Fly Encryption
(OTFE) systems, etc, see the URLs above.

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
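
The 2TB boundary discussed in this thread, shown as an added example that is not part of the original message and is not dm-crypt source code. It assumes 512-byte sectors and a 16-byte IV, and models "plain" as the low 32 bits of the sector number and "plain64" as the full 64-bit sector number, both little-endian and zero-padded.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IV_SIZE 16          /* assumed: 128-bit block cipher such as AES */
#define SECTOR_SIZE 512ULL  /* assumed: 512-byte sectors */

/* "plain": only the low 32 bits of the sector number reach the IV. */
static void iv_plain(uint8_t iv[IV_SIZE], uint64_t sector)
{
    uint32_t s = (uint32_t)sector;           /* truncation happens here */
    memset(iv, 0, IV_SIZE);
    for (int i = 0; i < 4; i++)
        iv[i] = (uint8_t)(s >> (8 * i));
}

/* "plain64": the full 64-bit sector number reaches the IV. */
static void iv_plain64(uint8_t iv[IV_SIZE], uint64_t sector)
{
    memset(iv, 0, IV_SIZE);
    for (int i = 0; i < 8; i++)
        iv[i] = (uint8_t)(sector >> (8 * i));
}

/* Returns 1 if two sectors receive the same IV under "plain". */
static int plain_iv_collides(uint64_t a, uint64_t b)
{
    uint8_t x[IV_SIZE], y[IV_SIZE];
    iv_plain(x, a);
    iv_plain(y, b);
    return memcmp(x, y, IV_SIZE) == 0;
}

/* Returns 1 if both modes derive the same IV for this sector, i.e. data
 * written under one keyword still decrypts under the other there. */
static int modes_agree(uint64_t sector)
{
    uint8_t x[IV_SIZE], y[IV_SIZE];
    iv_plain(x, sector);
    iv_plain64(y, sector);
    return memcmp(x, y, IV_SIZE) == 0;
}

int main(void)
{
    uint64_t wrap = 1ULL << 32;  /* first sector beyond the 32-bit range */
    printf("boundary at byte offset %llu\n", (unsigned long long)(wrap * SECTOR_SIZE));
    printf("plain: sector 0 and sector 2^32 share an IV: %d\n", plain_iv_collides(0, wrap));
    printf("modes agree below boundary: %d, at boundary: %d\n",
           modes_agree(wrap - 1), modes_agree(wrap));
    return 0;
}
```

Below the boundary the two derivations are identical, which is why redefining an existing keyword would only break data past 2TB, while adding a new keyword leaves existing volumes untouched.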