On Thu, 20 Jun 2019 at 15:02, Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote: > > On Thu, 20 Jun 2019 at 14:53, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx> wrote: > > > > On Thu, Jun 20, 2019 at 09:30:41AM +0200, Ard Biesheuvel wrote: > > > > > > Is this the right approach? Or are there better ways to convey this > > > information when instantiating the template? > > > Also, it seems to me that the dm-crypt and fscrypt layers would > > > require major surgery in order to take advantage of this. > > > > Oh and you don't have to make dm-crypt use it from the start. That > > is, you can just make things simple by doing it one sector at a > > time in the dm-crypt code even though the underlying essiv code > > supports multiple sectors. > > > > Someone who cares about this is sure to come along and fix it later. > > > > It also depend on how realistic it is that we will need to support > arbitrary sector sizes in the future. I mean, if we decide today that > essiv() uses an implicit sector size of 4k, we can always add > essiv64k() later, rather than adding lots of complexity now that we > are never going to use. Note that ESSIV is already more or less > deprecated, so there is really no point in inventing these weird and > wonderful things if we want people to move to XTS and plain IV > generation instead. Never mind, the sector size is already variable ...