Re: Efficacy of xts over 1TB

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Sun, 2010-07-25 at 14:25 +0200, Milan Broz wrote:
> Just please note one thing, which is dm-crypt special here:
> 
> default "plain IV" is 32 bit only, so if anyone uses it on >2TB partition
> some sectors shares IV (IV generator restarts, opening it to to watermarking
> and similar attacks).
> 
> Please _always_ use plain64 (*aes-xts-plain64*) if you want use it for large
> devices. (plain64 produces the same IV for <2TB.
> Available since 2.6.33, Truecrypt 7 already does that, thanks:-)

1) What's the maximum size a partition can (securely) have with plain64?

2) Is plain64 solwer than the the normal plain? If not,... and even
if,.. wouldn't it be better to let "plain" be what currently "plain64"
is and to add a e.g. "plain32" or so, which people can use if the really
know what they're doing?

3) In any case,.. this should go in the FAQ, Arno, can you add this
please?


Cheers,
Chris.

Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt

[Index of Archives]     [Device Mapper Devel]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Packaging]     [Fedora SELinux]     [Yosemite News]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux