On 01/03/2015 11:30 AM, Arno Wagner wrote: > On Sat, Jan 03, 2015 at 00:18:21 CET, Christian Stadelmann wrote: >> cipher: aes-cbc-essiv (default in plain mode) >> There are known attacs against aes-cbc-essiv which lead to using aes-xts >> as default cipher in LUKS mode. Is there any reason why it should not be >> used in plain mode? > > Simple: Backwards compatibility. As plain mode does not > have a header, this would break old uses. Anybody that wants > it can already use XTS. seconded; I rely on this -- please don't change this :-) Christian: anyone who is using dm-crypt in plain mode *already* knows what he is doing. If they don't, they should not be using plain mode. There is no need for you or me to worry about them, in my opinion. _______________________________________________ dm-crypt mailing list dm-crypt@xxxxxxxx http://www.saout.de/mailman/listinfo/dm-crypt
