RE: [RFC] crypto: xts - limit accepted key length

From: Van Leeuwen, Pascal
Date: Tue Mar 03 2020 - 08:03:39 EST


> -----Original Message-----
> From: Milan Broz <gmazyland@xxxxxxxxx>
> Sent: Tuesday, March 3, 2020 1:36 PM
> To: Van Leeuwen, Pascal <pvanleeuwen@xxxxxxxxxx>; Andrei Botila <andrei.botila@xxxxxxxxxxx>; Herbert Xu
> <herbert@xxxxxxxxxxxxxxxxxxx>; David S. Miller <davem@xxxxxxxxxxxxx>
> Cc: linux-crypto@xxxxxxxxxxxxxxx; linux-kernel@xxxxxxxxxxxxxxx
> Subject: Re: [RFC] crypto: xts - limit accepted key length
>
> On 02/03/2020 09:33, Van Leeuwen, Pascal wrote:
> > Hmm ... in principle IEEE-1619 also defines XTS *only* for AES. So by that same
> > reasoning, you should also not allow any usage of XTS beyond AES. Yet it is
> > actually being actively used(?) with other ciphers in the Linux kernel.
> Just FYI - yes, it is actively used with other ciphers.
>
> There are a lot of LUKS devices that use Serpent or Twofish with XTS mode.
>
> The same for TrueCrypt/VeraCrypt; here it is sometimes also used in a cipher chain
> (both the native binaries and the cryptsetup code use dm-crypt with the crypto API here).
>
> XTS mode is designed for storage encryption only - and at least for disk encryption
> I have never seen a request for 192-bit keys...
>
Me neither ... but I was just pointing out that referring to the IEEE spec (for supporting
only 128- and 256-bit keys) makes no sense if you also support other block ciphers not
mentioned in that same IEEE spec.

The mode itself can obviously work with any 128-bit block cipher, with any key size.
So any limitation on that would be purely artificial IMHO.

Regards,
Pascal van Leeuwen
Silicon IP Architect Multi-Protocol Engines, Rambus Security
Rambus ROTW Holding BV
+31-73 6581953

Note: The Inside Secure/Verimatrix Silicon IP team was recently acquired by Rambus.
Please be so kind to update your e-mail address book with my new e-mail address.
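
The distinction discussed in this thread, that the XTS construction depends only on a 128-bit block width while the accepted key lengths are a separate policy decision, shown as an added C example that is not code from the thread or from the kernel. The names `blk_fn`, `xts_keylen_ok`, `xts_crypt`, `toy_enc` and `toy_dec` are hypothetical, the toy cipher is a constructed stand-in with no security value, and ciphertext stealing is left out.

```c
#include <stddef.h>
#include <stdint.h>
#define XTS_BLOCK 16    /* the only size the mode itself fixes: 128-bit blocks */
/* Hypothetical hook: transform one block in place under a key of any length. */
typedef void (*blk_fn)(const uint8_t *key, size_t klen, uint8_t *blk);

/* Policy on the combined key in bytes: 2x128 and 2x256 bits, 2x192 unless IEEE-only. */
int xts_keylen_ok(size_t keylen, int ieee_only)
{
    return keylen == 32 || keylen == 64 || (!ieee_only && keylen == 48);
}

/* Multiply the tweak by x in GF(2^128), little-endian byte order. */
static void xts_mul_x(uint8_t *t)
{
    uint8_t msb = t[XTS_BLOCK - 1] >> 7;
    for (int i = XTS_BLOCK - 1; i > 0; i--)
        t[i] = (uint8_t)((t[i] << 1) | (t[i - 1] >> 7));
    t[0] = (uint8_t)((t[0] << 1) ^ (msb ? 0x87 : 0));
}

/* XTS without ciphertext stealing. data_fn is the cipher's encrypt or decrypt,
 * tweak_fn is always its encrypt. Returns 0, or -1 on a rejected length. */
int xts_crypt(blk_fn data_fn, blk_fn tweak_fn, const uint8_t *key, size_t keylen,
              int ieee_only, uint64_t sector, uint8_t *buf, size_t len)
{
    uint8_t t[XTS_BLOCK] = {0};
    size_t half = keylen / 2, off, i;
    if (!xts_keylen_ok(keylen, ieee_only) || len == 0 || len % XTS_BLOCK)
        return -1;
    for (i = 0; i < 8; i++)
        t[i] = (uint8_t)(sector >> (8 * i));    /* sector number as tweak */
    tweak_fn(key + half, half, t);              /* T = E_K2(sector) */
    for (off = 0; off < len; off += XTS_BLOCK, xts_mul_x(t)) {
        for (i = 0; i < XTS_BLOCK; i++) buf[off + i] ^= t[i];
        data_fn(key, half, buf + off);          /* E_K1 or D_K1 on the data */
        for (i = 0; i < XTS_BLOCK; i++) buf[off + i] ^= t[i];
    }
    return 0;
}

/* Constructed stand-in cipher (NOT secure), only to exercise the mode. */
static void toy_enc(const uint8_t *k, size_t kl, uint8_t *b)
{
    for (size_t i = 0; i < XTS_BLOCK; i++) b[i] = (uint8_t)((b[i] ^ k[i % kl]) + 1);
}
static void toy_dec(const uint8_t *k, size_t kl, uint8_t *b)
{
    for (size_t i = 0; i < XTS_BLOCK; i++) b[i] = (uint8_t)((b[i] - 1) ^ k[i % kl]);
}
```

Nothing in `xts_crypt` other than the call to `xts_keylen_ok` looks at the key size, so restricting it to the IEEE lengths changes which keys are accepted and nothing about how the mode computes.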