Discussion:
security impact when using 256 instead of 512 aes-xts-plain key length
unggnu
2009-02-10 14:16:45 UTC
Permalink
Hi,

afaik using 256 bit key length with aes-xts-plain results in a 128 bit
aes encryption and a 128 bit XTS key.
128-AES should be secure of course but what difference does the half XTS
key make? According to Wikipedia there is a terabyte limit which might
be lower with 128 and XTS uses two keys which might result in two 64 bit
ones?
Does anyone know which impact it have or know a good source for this? I
haven't found any information which might be interesting for non crypto
experts.
256 is faster but most likely because of the less rounds of AES-128. If
there is no real difference like between AES-256 and AES-128 the
keylength of 256 would make sense for slower cpus.

Thanks in advance
unggnu
j. sadler
2009-02-12 05:50:23 UTC
Permalink
Is there any speculation on this encryption with the new
Extension 4 file system about to enter Linux land? It seems like Extension 4
will be something people will really want to use.
Hi,
afaik using 256 bit key length with aes-xts-plain results in a 128 bit aes
encryption and a 128 bit XTS key.
128-AES should be secure of course but what difference does the half XTS
key make? According to Wikipedia there is a terabyte limit which might be
lower with 128 and XTS uses two keys which might result in two 64 bit ones?
Does anyone know which impact it have or know a good source for this? I
haven't found any information which might be interesting for non crypto
experts.
256 is faster but most likely because of the less rounds of AES-128. If
there is no real difference like between AES-256 and AES-128 the keylength
of 256 would make sense for slower cpus.
Thanks in advance
unggnu
---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
Heinz Diehl
2009-02-12 06:37:00 UTC
Permalink
Post by j. sadler
Is there any speculation on this encryption with the new
Extension 4 file system about to enter Linux land?
LUKS/cryptsetup encryption is not filesystem related, it works fully
transparent. You can set up an encrypted LUKS/cryptsetup partition on ext4
right now (if you are on at least kernel 2.6.28).
Sven Eschenberg
2009-02-12 07:34:28 UTC
Permalink
And vice versa of course (ext4 on dmcrypt device).
Post by Heinz Diehl
Post by j. sadler
Is there any speculation on this encryption with the new
Extension 4 file system about to enter Linux land?
LUKS/cryptsetup encryption is not filesystem related, it works fully
transparent. You can set up an encrypted LUKS/cryptsetup partition on ext4
right now (if you are on at least kernel 2.6.28).
---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
unggnu
2009-03-11 20:40:20 UTC
Permalink
Hi,

doesn't anyone of the devs know something about this? Who one else could
I ask or where can I find more information?

unggnu
Hi,
afaik using 256 bit key length with aes-xts-plain results in a 128 bit aes
encryption and a 128 bit XTS key.
128-AES should be secure of course but what difference does the half XTS
key make? According to Wikipedia there is a terabyte limit which might be
lower with 128 and XTS uses two keys which might result in two 64 bit ones?
Does anyone know which impact it have or know a good source for this? I
haven't found any information which might be interesting for non crypto
experts.
256 is faster but most likely because of the less rounds of AES-128. If
there is no real difference like between AES-256 and AES-128 the keylength
of 256 would make sense for slower cpus.
Thanks in advance
unggnu
---------------------------------------------------------------------
dm-crypt mailing list - http://www.saout.de/misc/dm-crypt/
Loading...