Re: Using plain64/plain IV (initialisation vector) in dm-crypt

This thread is going crazy... :)

1) Facts about using plain IV generator:

- "plain" IV is 32bit only, supported by all kernels
- you should avoid using it for >2TB devices
- it will remain this way because of backward compatibility (howgh:-)

- "plain64" is fully 64bit, available since kernel 2.6.33
- for device < 2TB it produces the same output as "plain"

=> use plain64 for new devices if you want to use a tweakable encryption
mode like XTS (or LRW), e.g. cryptsetup -c aes-xts-plain64

p.s.
Never use plain* IV for CBC mode, use ESSIV there.
<joke>If you are using ECB mode, you are lost anyway.</joke>

2) cryptsetup should always have safe defaults.
It is aes-cbc-essiv:sha256 with a 256bit key currently.


3) For the resize - we cannot catch all situations, someone can
dd LUKS disk to another bigger volume without "resize" command.

Tools will suggest using plain64 but it cannot force it.


> So you guess the 1TB limit could be actually ...

Forgot about the 1TB limit, it is a different, XTS-only problem.
We mixed up two unrelated problems here.

Milan
_______________________________________________
dm-crypt mailing list
dm-crypt@xxxxxxxx
http://www.saout.de/mailman/listinfo/dm-crypt
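
The 2TB boundary in point 1 follows from the IV width. This is an added example, not part of the original post and not dm-crypt source code: it models the two generators as the sector number written little-endian into a zero-padded IV. It assumes 512-byte sectors and a 16-byte (AES block) IV; all function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IV_SIZE 16  /* assumed: AES block size */

/* Sector number as a little-endian IV, zero-padded: width 4 models "plain"
 * (low 32 bits only), width 8 models "plain64" (all 64 bits). */
void make_iv(uint8_t iv[IV_SIZE], uint64_t sector, int width) {
    memset(iv, 0, IV_SIZE);
    for (int i = 0; i < width; i++)
        iv[i] = (uint8_t)(sector >> (8 * i));
}

/* 1 if "plain" and "plain64" give the same IV for this sector. */
int same_iv(uint64_t sector) {
    uint8_t a[IV_SIZE], b[IV_SIZE];
    make_iv(a, sector, 4);
    make_iv(b, sector, 8);
    return memcmp(a, b, IV_SIZE) == 0;
}

/* 1 if the generator of this width gives two distinct sectors one IV. */
int reuses_iv(int width, uint64_t s1, uint64_t s2) {
    uint8_t a[IV_SIZE], b[IV_SIZE];
    make_iv(a, s1, width);
    make_iv(b, s2, width);
    return s1 != s2 && memcmp(a, b, IV_SIZE) == 0;
}

/* Sectors of a device whose "plain" IV repeats that of an earlier sector. */
uint64_t sectors_with_reused_iv(uint64_t device_bytes) {
    uint64_t n = device_bytes / 512;  /* assumed 512-byte sectors */
    return n > (1ULL << 32) ? n - (1ULL << 32) : 0;
}

int main(void) {
    uint64_t wrap = 1ULL << 32;  /* 2^32 sectors * 512 B = 2 TiB */
    printf("sector 2^32-1: plain == plain64? %d\n", same_iv(wrap - 1));
    printf("sector 2^32:   plain == plain64? %d\n", same_iv(wrap));
    printf("plain reuses IV of sector 0 at 2^32?   %d\n", reuses_iv(4, 0, wrap));
    printf("plain64 reuses IV of sector 0 at 2^32? %d\n", reuses_iv(8, 0, wrap));
    printf("3 TiB device, sectors with a reused plain IV: %llu\n",
           (unsigned long long)sectors_with_reused_iv(3ULL << 40));
    return 0;
}
```

Below 2^32 sectors the two generators agree, which is why an existing "plain" device under 2TB reads identically with "plain64"; past that point "plain" wraps and hands out IVs already used at the start of the device.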

