* james hughes <hugh...@mac.com> wrote:

> If there is no room for or an integrity field, you can look at
> XTS-AES.
> http://csrc.nist.gov/publications/nistpubs/800-38E/nist-sp-800-38E.pdf

A not so well-known statement of said PDF certainly is the following,
especially in light of today's storage device capacities:

"The length of the data unit for any instance of an implementation of
XTS-AES shall not exceed 2^20 AES blocks."

It seems to have made it smartly into openbsd, at least this
commit-info hints it:

http://marc.info/?l=openbsd-cvs&m=121341266715025

-- 
left blank, right bald

Attachment: pgpjXNpaGVZ6T.pgp
Description: PGP signature

Reply via email to