On Mon, Jul 26, 2010 at 11:31:56PM +0200, Christoph Anton Mitterer wrote:
> On Mon, 2010-07-26 at 23:07 +0200, Arno Wagner wrote:
> > > So you guess the 1TB limit could be actually a "don't have blocks
> > > larger than 1TB" limit?!
> > Actually, it is the "plain" implementation that causes a 2TB limit
> > because of repeating IVs. XTS has a block size limit, at 2^20 bits,
> > (I think) but it is a recommended limit. At 512 bytes we are well
> > below that :-)
> So you mean we have two limits?

Yes. One on the block number and one on the block size.

> 1) The limit related to the IVs that we get from "plain" after 32bit 512
> byte blocks, or that we would get from plain64 on a Zettabyte device.

That is the IV limit, i.e. the limit on the block numbers.

> 2) Another limit, on the maximum block size (which was misconceived as a
> maximum filesystem size) that can be securely used which is that 1TB
> thingy?
> However we should never hit that one too?!

That is the size for the individual blocks encrypted. For dm-crypt/LUKS
we use 512 byte blocks, but XTS can do much larger. However beyond a
certain block size its security is suspected to degrade.

I looked the limits up again, the hard limit is (2^128)-2 x 128 bit
blocks. If I understand this correctly exceeding this limit breaks the
cipher. Then there is the soft limit of 2^20 x 128 bit, i.e. 16MB block
size. The block size should be kept below that and 512B is well below it.

I do not know of any 1TB limit.

Arno
-- 
Arno Wagner, Dr. sc. techn., Dipl. Inform., CISSP -- Email: arno@xxxxxxxxxxx
GnuPG: ID: 1E25338F FP: 0C30 5782 9D93 F785 E79C 0296 797F 6B50 1E25 338F
----
Cuddly UI's are the manifestation of wishful thinking. -- Dylan Evans
If it's in the news, don't worry about it. The very definition of "news"
is "something that hardly ever happens." -- Bruce Schneier
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
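The two limits Arno separates above, as an added Python illustration that is not part of the thread or of dm-crypt itself: it models dm-crypt's "plain" and "plain64" IV generators (little-endian sector number, 32-bit vs 64-bit, zero-padded to the 16-byte cipher block, as in the kernel's crypt_iv_plain_gen/crypt_iv_plain64_gen) to show where the sector-number IV repeats, and separately the XTS per-block soft limit from the message. Sector size and limits are taken from the thread.

```python
import struct

SECTOR_BYTES = 512             # dm-crypt/LUKS encrypt in 512-byte sectors (per thread)
IV_BYTES = 16                  # AES block size, which is also the IV length
XTS_BLOCK_BITS = 128           # one XTS/AES block
XTS_SOFT_LIMIT_BLOCKS = 2 ** 20  # soft limit on blocks per XTS data unit (per thread)


def plain_iv(sector: int) -> bytes:
    """'plain' IV: low 32 bits of the sector number, little-endian, zero-padded."""
    return struct.pack("<I", sector & 0xFFFFFFFF).ljust(IV_BYTES, b"\x00")


def plain64_iv(sector: int) -> bytes:
    """'plain64' IV: full 64-bit sector number, little-endian, zero-padded."""
    return struct.pack("<Q", sector & 0xFFFFFFFFFFFFFFFF).ljust(IV_BYTES, b"\x00")


def iv_collides(iv_fn, sector_a: int, sector_b: int) -> bool:
    """True if two distinct sectors would be encrypted under the same IV."""
    return sector_a != sector_b and iv_fn(sector_a) == iv_fn(sector_b)


def iv_wrap_size_bytes(counter_bits: int) -> int:
    """Device size (bytes) at which a counter_bits-wide sector IV starts repeating.
    Limit 1 in the thread: 2^32 sectors * 512 B = 2 TiB for 'plain'."""
    return (2 ** counter_bits) * SECTOR_BYTES


def plain_iv_is_unique_for(device_bytes: int) -> bool:
    """Does a device of this size stay below the 'plain' IV wrap point?"""
    return device_bytes <= iv_wrap_size_bytes(32)


def xts_soft_limit_bytes() -> int:
    """Limit 2 in the thread: 2^20 x 128-bit blocks per encrypted unit = 16 MiB."""
    return XTS_SOFT_LIMIT_BLOCKS * XTS_BLOCK_BITS // 8


if __name__ == "__main__":
    wrap = 2 ** 32  # first sector whose 'plain' IV equals that of sector 0
    print("plain IV repeats at sector", wrap, "->", iv_collides(plain_iv, 0, wrap))
    print("plain64 IV repeats there   ->", iv_collides(plain64_iv, 0, wrap))
    print("'plain' wraps at", iv_wrap_size_bytes(32) // 1024 ** 4, "TiB")
    print("XTS soft limit per unit:", xts_soft_limit_bytes() // 1024 ** 2, "MiB;",
          "a 512 B sector is", SECTOR_BYTES, "B, far below it")
```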