[pkg-cryptsetup-devel] efficacy of xts over 1TB

David Santamaría Rogado howl.nsp at gmail.com
Thu Jul 22 14:55:20 UTC 2010


Hello Jonas,

Thanks a lot for the e-mail, I will forward them the question.

2010/7/21 Jonas Meurer <jonas at freesources.org>:
> Hey David,
>
> On 19/07/2010 David Santamaría Rogado wrote:
>> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494584#15, says about
>> a XTS detriment on security on large filesystems.
>>
>> But in the wikipedia's discussion:
>> http://en.wikipedia.org/wiki/Talk:Disk_encryption_theory#Issues_with_XTS
>>
>> "Issues with XTS
>>
>> There is also an issue about the size of the filesystem encrypted with
>> the support of XTS. This is discussed here:
>> http://lists.alioth.debian.org/pipermail/pkg-cryptsetup-devel/2008-September/002265.html
>> —Preceding unsigned comment added by 62.2.182.207 (talk) 19:40, 1
>> April 2010 (UTC)
>>
>> This is a misconception, since it does not apply to large filesystems
>> (containing many data units/sectors, which are encrypted totally
>> indepently), but to very large single data units, i.e.: The size of
>> any single data unit should not exceed 270 bytes. The data unit size
>> for a typical filesystem is between 512 and 64536 bytes only
>> (29/216).93.205.111.251 (talk) 15:37, 2 April 2010 (UTC)"
>>
>>
>> So, XTS has collision troubles with >500 GB or >1TB of data, or, it's a
>> misconception and there isn't any issue about this on large
>> filesystems.
>
> To be honest, I don't know details about crypto algorithms, and I'm not
> a crypto expert by any means. Thus I suggest that you resend the message
> to dm-crypt at saout.de, which is read by several crypto experts.
>
> greetings,
>  jonas
>
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
>
> iQEcBAEBCAAGBQJMRiarAAoJEHUY1PcOVR4zAH8H/1AVW4pG5QR+HT4H4PKmhErG
> BOhXZy85KVgKAdt0oKHvgWoroYI5WtGHQlR4zUOQwlzEc9ZOAS90wS/XF6IxnIP7
> BrqKxMfaO/nHWS2pv0WvcWlKTeP7LduQbtDDBCQpu96kGs67EJ4/R49KJHRhNPQs
> 57Xn8FG7qAcXMveWmNmy/l1f3tt6UYW9/6Z6+hwRLtN/X3/rD00I4VtZss7BMzAh
> fdttFqsr7j2HIRC7PiWt3bDy1gLLVK8I5NrsPuZyL4BgaQSndD6G+KX4phWCeTTm
> qK5mjAjq9ne+C788HxEm5mrAU3A3iC/AzZaIdgvl6sqRAr/O2l7prdolFEN+fJg=
> =9TFI
> -----END PGP SIGNATURE-----
>
>



More information about the pkg-cryptsetup-devel mailing list