On Mon, 2010-07-26 at 10:53 +0200, Arno Wagner wrote: > > Well but as far as I understand, this means that the same IV could be > > used in multiple sectors (after the 32bit), right? > Err, no? That would be "after 64 bit". Uhm why? If we have 64, bits but the upper 32 are masked 0 as far as I understood... ? > If you go over 64 bit sector numbers, definitely. However it is > hard to quantify how large this impact would be. But 64bit 512byte sectors would allow us a ~9,4 ZB device, right? So that is unlikely to happen the next... say 3 years or so ;) > > I see... what about this idea: > > In newer releases of cryptsetup, give a warning whenever people use > > "plain" suggesting them to use "plain64"?! > I like this approach. Thanks :) perhaps better than a warning would even be some interactive question. > I think this is out of scope. Somebody rezising an encrypted device > without looking into the limits of the encryption used, is asking > for trouble. Also there will be a FAQ entry on resizing ;-) Well... if my calculation above is correct, we'd at least never leave the scope with plain 64. Nevertheless... it would be at least possible to change luksResize to print a warning,.. but of course this won't happen in all cases (plain dm-crypt, close/reopen), which is why I suggested plain64 to be generally used,.. especially if it has not drawbacks. Milan what do you think? Cheers, Chris.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
