On Wed, 13 Jan 2016, Arnd Bergmann wrote: > On Tuesday 12 January 2016 18:31:19 Mikulas Patocka wrote: > > > > Another possibility is to use dm-crypt block size 4k and use a filesystem > > with 4k blocksize on it (it will never send requests not aligned on 4k > > boundary, so we could reject such requests with an error). > > Is there ever a reason to use something other than 4K block size on > dm-crypt? > > Arnd You can't use 4k block on CBC (and most other encryption modes). If only a part of 4k block is written (and then system crash happens), CBC would corrupt the block completely. For example, suppose that EXT2 directory block is updated, the first 512-byte sector is written and the rest of the sectors is not written because of a crash. CBC would corrupt all sectors except the first one in this case. You could use 4k block on XTS and ECB. Mikulas -- dm-devel mailing list dm-devel@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/dm-devel
