Hi, Am 01.11.2011 05:50, schrieb Arno Wagner: > * Are there any problems with "plain" IV? What is "plain64"? > > First, "plain" and "plain64" are both not secure to use with CBC, > see previous FAQ item. > > However there are modes, like XTS, that are secure with "plain" IV. > The next limit is that "plain" is 64 bit, with the upper 32 bit set > to zero. This means that on volumes larger than 2TiB, the IV > repeats, creating a vulnerability that potentially leaks some > data. To avoid this, use "plain64", which uses the full sector > number up to 64 bit. Note that "plain64" requires a kernel >= > 2.6.33. Also note that "plain64" is backwards compatible for > volume sizes <= 2TiB, but not for those > 2TiB. Finally, "plain64" > does not cause any performance penalty compared to "plain". Wouldn't it be nice for cryptsetup to print a warning when someone is going to create a luks device >2TiB with "plain" IV (e.g., aes-xts-plain)? A note in the man page would also be nice (where it mentions aes-xts-plain). Or perhaps cryptsetup should automatically select plain64 in such a case? According to the description above there seems to be absolutely no drawback in using plain64, so why not use it? I, for example, have read this section of the FAQ only after creating and filling my luks partition. Now I have to re-create everything, which will take several hours. Greetings, Philipp _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
