Re: Bug#482092: XTS and LRW mode of operation
Hi Alberto,
On Tue, May 20, 2008 at 08:41:19PM +0200, Alberto wrote:
> Please add aes-lrw-benbi and aes-xts-plain to the list of available
> mode of operation. XTS is the upcoming standard.
Thanks for the suggestion. I think offering those modes
in partman-crypto is very desirable.
Before we can do it we will need to make some non-trivial
code changes though to account for the different key sizes
that are valid in combination with those modes.
The kernel Kconfig help suggests that for LRW we'd need to
add 128 bits and for XTS to double the key size:
aes-lrw-benbi: 256/320/384 bits
aes-xts-plain: 256/384/512 bits
I wonder how we should best handle this difference. We
could try to offer the valid key sizes only after the user
has chosen the iv-algorithm, but that is more involved
because users may currently change parameters in any order.
Perhaps we should just offer the regular key sizes (128,
192, 256 bits) and adjust them (adding 128 or doubling it)
depending on the iv-algorithm selected.
The latter seems more flexible, but may be surprising for
people who are aware of the different requirements. They may
wonder why they can select 128-bit AES with aes-lrb-benbi,
for example. Do you think this could be a problem?
Another question comes to mind: Since XTS is considered to
be the successor to LRW (at least for IEEE P1619 standard),
are there reasons to offer any LRW modes? Are you aware of
any practical advantages over XTS?
Max
Reply to: