[pkg-cryptsetup-devel] efficacy of xts over 1TB
Jonas Meurer
jonas at freesources.org
Tue Jul 20 22:44:01 UTC 2010
Hey David,
On 19/07/2010 David Santamaría Rogado wrote:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494584#15, says about
> a XTS detriment on security on large filesystems.
>
> But in the wikipedia's discussion:
> http://en.wikipedia.org/wiki/Talk:Disk_encryption_theory#Issues_with_XTS
>
> "Issues with XTS
>
> There is also an issue about the size of the filesystem encrypted with
> the support of XTS. This is discussed here:
> http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/2008-September/002265.html
> —Preceding unsigned comment added by 62.2.182.207 (talk) 19:40, 1
> April 2010 (UTC)
>
> This is a misconception, since it does not apply to large filesystems
> (containing many data units/sectors, which are encrypted totally
> indepently), but to very large single data units, i.e.: The size of
> any single data unit should not exceed 270 bytes. The data unit size
> for a typical filesystem is between 512 and 64536 bytes only
> (29/216).93.205.111.251 (talk) 15:37, 2 April 2010 (UTC)"
>
>
> So, XTS has collision troubles with >500 GB or >1TB of data, or, it's a
> misconception and there isn't any issue about this on large
> filesystems.
To be honest, I don't know details about crypto algorithms, and I'm not
a crypto expert by any means. Thus I suggest that you resend the message
to dm-crypt at saout.de, which is read by several crypto experts.
greetings,
jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/attachments/20100721/a95d8911/attachment.pgp>
More information about the pkg-cryptsetup-devel
mailing list