On 02/03/2020 09:33, Van Leeuwen, Pascal wrote: > Hmm ... in principle IEEE-1619 also defines XTS *only* for AES. So by that same > reasoning, you should also not allow any usage of XTS beyond AES. Yet it is > actually being actively used(?) with other ciphers in the Linux kernel. Just FYI - yes, it is actively used with other ciphers. There is a lot of LUKS devices that use Serpent or Twofish with XTS mode. The same for TrueCrypt/VeraCrypt, here sometimes it is used also in cipher chain (both native binaries or cryptsetup code use dm-crypt with crypto API here). XTS mode is designed for storage encryption only - and at least for disk encryption I have never seen request for 192bit keys... Milan
