Michael, On 05.10.2016 23:11, Michael Halcrow wrote: >>> In the meantime, to address the CBC thing, I'd want to understand what >>> the hardware is doing exactly. I wouldn't want the existence of code >>> that supports CBC in fs/crypto to be interpreted as some sort of >>> endorsement for using it rather than XTS (when unauthenticated >>> encryption is for some reason the only viable option) for new storage >>> encryption applications. >> >> The hardware offers AES-CBC, accessible via the kernel crypto API. > > I presume your goal is to usually package up relatively large segments > of data you'd like to chain together under one key/IV? Yes. That's the plan. > Else, for random-access block storage, I would like to get on idea on > what the latency/throughput/power impact would be vs. just doing > AES-XTS on the CPU. Hopefully I can report some results soon. :-) > Regardless, if you need IV generation in fs/crypto, you can use ESSIV > from eCryptfs as an example. Except you'll probably want to use > SHA-256 instead of MD5, if only for the sake of hygiene. Thanks for the pointer. Thanks, //richard -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html