On Mon, Jul 26, 2010 at 10:38:06PM +0200, Christoph Anton Mitterer wrote:
> On Mon, 2010-07-26 at 02:14 +0200, Milan Broz wrote:
> > Imagine that someone today has LUKS device of >2TB and data on it. Switch
> > to full 64 bit "plain" IV will change IV for all sectors above 2TB limit.
> > I think users prefer read data from there instead of random noise:-)
> Are you really sure?! ;) ... would be a nice /dev/random alternative or
> so ^^
>
> > So question is if XTS is ok for such large drives - the 1TB mentioned limit
> > elsewhere is possible misinterpretation (block size/device size confusion?).
> >
> > (... real answer must come from an expert in cryptography based on proper analysis.)
> So you guess the 1TB limit could be actually a "don't have blocks
> larger than 1TB" limit?!

Actually, it is the "plain" implementation that causes a 2TB
limit because of repeating IVs. XTS has a block size limit,
at 2^20 bits, (I think) but it is a recommended limit. As
512 bytes we are well below that :-)

> > Anyway, distro maintainer can set default using configure switch already
> > --with-luks1-mode=xts (see also other switches).
> >
> > So if you want to switch default in Debian, no problem:-)
> I seem to have rather bad luck in moving cryptsetup things at distro
> level... ;)

Well...

Arno
--
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans

If it's in the news, don't worry about it. The very definition of
"news" is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
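The IV behaviour discussed in this thread, as an added example (not part of the original messages and not dm-crypt's own code): it shows why the 32-bit "plain" IV repeats past 2TB and why a switch to the 64-bit variant (called plain64 in dm-crypt) only changes IVs above that limit. Assumptions: 512-byte sectors, a 16-byte IV, little-endian sector counters; the helper names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IV_SIZE 16          /* assumed: AES block size as IV length */
#define SECTOR_SIZE 512ULL  /* assumed: 512-byte sectors */

/* Store the low n bytes of v, little-endian, into a zeroed IV. */
static void put_le(uint8_t iv[IV_SIZE], uint64_t v, int n)
{
    memset(iv, 0, IV_SIZE);
    for (int i = 0; i < n; i++)
        iv[i] = (uint8_t)(v >> (8 * i));
}

/* "plain": only the low 32 bits of the sector number reach the IV. */
void iv_plain(uint64_t sector, uint8_t iv[IV_SIZE])   { put_le(iv, sector & 0xffffffffULL, 4); }

/* 64-bit variant: the full sector number is used. */
void iv_plain64(uint64_t sector, uint8_t iv[IV_SIZE]) { put_le(iv, sector, 8); }

/* 1 if two distinct sectors receive the same IV under "plain". */
int plain_iv_repeats(uint64_t a, uint64_t b)
{
    uint8_t x[IV_SIZE], y[IV_SIZE];
    iv_plain(a, x);
    iv_plain(b, y);
    return a != b && memcmp(x, y, IV_SIZE) == 0;
}

/* 1 if both modes give the same IV for this sector, i.e. data written
 * there under "plain" would still decrypt after switching the mode. */
int modes_agree(uint64_t sector)
{
    uint8_t x[IV_SIZE], y[IV_SIZE];
    iv_plain(sector, x);
    iv_plain64(sector, y);
    return memcmp(x, y, IV_SIZE) == 0;
}

/* Byte offset at which the 32-bit sector counter wraps around. */
uint64_t plain_wrap_offset(void) { return (1ULL << 32) * SECTOR_SIZE; }

int main(void)
{
    uint64_t wrap = plain_wrap_offset() / SECTOR_SIZE; /* first wrapped sector */
    printf("32-bit IV wraps at byte offset %llu\n", (unsigned long long)plain_wrap_offset());
    printf("sector 5 and 5+2^32 share a plain IV: %d\n", plain_iv_repeats(5, 5 + wrap));
    printf("modes agree just below / at the wrap: %d / %d\n", modes_agree(wrap - 1), modes_agree(wrap));
    return 0;
}
```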